commit dabb3c515fc17e358a19ff78cd3d7a6fccd0a15c
author Joseph Jang <josephjang@google.com> Wed Sep 01 16:50:09 2021 +0800
committer Joseph Jang <josephjang@google.com> Mon Sep 06 18:27:08 2021 +0800
tree 783ae8bc42632fa0f9dbf1ecbe2079531c784670
parent 334a6134deb33e3ebdb1c5b5e1989a5e049ed3b2

identity: Make NoS libeic and AOSP libeic align

1. Add input parameter buffer size for CBOR data encoding
   because Nugget OS protobuf buffer is not null terminated.
2. Modify some libeic APIs to align with NoS libeic.

Bug: 198403263
Test: atest VtsHalIdentityTargetTest
      atest android.security.identity.cts
Change-Id: I9bc3689da2571c0925972f33b7314cbaaad0e28d

identity/aidl/default/libeic/EicProvisioning.c

diff --git a/identity/aidl/default/libeic/EicProvisioning.c b/identity/aidl/default/libeic/EicProvisioning.c
index 3b4148e..c9df4fd 100644
--- a/identity/aidl/default/libeic/EicProvisioning.c
+++ b/identity/aidl/default/libeic/EicProvisioning.c
@@ -15,6 +15,7 @@
  */
 
 #include "EicProvisioning.h"
+#include "EicCommon.h"
 
 bool eicProvisioningInit(EicProvisioning* ctx, bool testCredential) {
     eicMemSet(ctx, '\0', sizeof(EicProvisioning));
@@ -27,18 +28,18 @@
 }
 
 bool eicProvisioningInitForUpdate(EicProvisioning* ctx, bool testCredential, const char* docType,
-                                  const uint8_t* encryptedCredentialKeys,
+                                  size_t docTypeLength, const uint8_t* encryptedCredentialKeys,
                                   size_t encryptedCredentialKeysSize) {
-    uint8_t credentialKeys[86];
+    uint8_t credentialKeys[EIC_CREDENTIAL_KEYS_CBOR_SIZE_FEATURE_VERSION_202101];
 
     // For feature version 202009 it's 52 bytes long and for feature version 202101 it's 86
     // bytes (the additional data is the ProofOfProvisioning SHA-256). We need
     // to support loading all feature versions.
     //
     bool expectPopSha256 = false;
-    if (encryptedCredentialKeysSize == 52 + 28) {
+    if (encryptedCredentialKeysSize == EIC_CREDENTIAL_KEYS_CBOR_SIZE_FEATURE_VERSION_202009 + 28) {
         /* do nothing */
-    } else if (encryptedCredentialKeysSize == 86 + 28) {
+    } else if (encryptedCredentialKeysSize == EIC_CREDENTIAL_KEYS_CBOR_SIZE_FEATURE_VERSION_202101 + 28) {
         expectPopSha256 = true;
     } else {
         eicDebug("Unexpected size %zd for encryptedCredentialKeys", encryptedCredentialKeysSize);
@@ -51,7 +52,7 @@
     if (!eicOpsDecryptAes128Gcm(eicOpsGetHardwareBoundKey(testCredential), encryptedCredentialKeys,
                                 encryptedCredentialKeysSize,
                                 // DocType is the additionalAuthenticatedData
-                                (const uint8_t*)docType, eicStrLen(docType), credentialKeys)) {
+                                (const uint8_t*)docType, docTypeLength, credentialKeys)) {
         eicDebug("Error decrypting CredentialKeys");
         return false;
     }
@@ -114,7 +115,7 @@
 
 bool eicProvisioningStartPersonalization(EicProvisioning* ctx, int accessControlProfileCount,
                                          const int* entryCounts, size_t numEntryCounts,
-                                         const char* docType,
+                                         const char* docType, size_t docTypeLength,
                                          size_t expectedProofOfProvisioningSize) {
     if (numEntryCounts >= EIC_MAX_NUM_NAMESPACES) {
         return false;
@@ -150,7 +151,7 @@
     //  ]
     //
     eicCborAppendArray(&ctx->cbor, 4);
-    eicCborAppendString(&ctx->cbor, "Signature1");
+    eicCborAppendStringZ(&ctx->cbor, "Signature1");
 
     // The COSE Encoded protected headers is just a single field with
     // COSE_LABEL_ALG (1) -> COSE_ALG_ECSDA_256 (-7). For simplicitly we just
@@ -174,8 +175,8 @@
     eicCborEnableSecondaryDigesterSha256(&ctx->cbor, &ctx->proofOfProvisioningDigester);
 
     eicCborAppendArray(&ctx->cbor, 5);
-    eicCborAppendString(&ctx->cbor, "ProofOfProvisioning");
-    eicCborAppendString(&ctx->cbor, docType);
+    eicCborAppendStringZ(&ctx->cbor, "ProofOfProvisioning");
+    eicCborAppendString(&ctx->cbor, docType, docTypeLength);
 
     eicCborAppendArray(&ctx->cbor, accessControlProfileCount);
 
@@ -185,12 +186,12 @@
 bool eicProvisioningAddAccessControlProfile(EicProvisioning* ctx, int id,
                                             const uint8_t* readerCertificate,
                                             size_t readerCertificateSize,
-                                            bool userAuthenticationRequired, uint64_t timeoutMillis,
-                                            uint64_t secureUserId, uint8_t outMac[28]) {
-    uint8_t cborBuffer[EIC_MAX_CBOR_SIZE_FOR_ACCESS_CONTROL_PROFILE];
+                                            bool userAuthenticationRequired,
+                                            uint64_t timeoutMillis, uint64_t secureUserId,
+                                            uint8_t outMac[28], uint8_t* scratchSpace,
+                                            size_t scratchSpaceSize) {
     EicCbor cborBuilder;
-
-    eicCborInit(&cborBuilder, cborBuffer, EIC_MAX_CBOR_SIZE_FOR_ACCESS_CONTROL_PROFILE);
+    eicCborInit(&cborBuilder, scratchSpace, scratchSpaceSize);
 
     if (!eicCborCalcAccessControl(&cborBuilder, id, readerCertificate, readerCertificateSize,
                                   userAuthenticationRequired, timeoutMillis, secureUserId)) {
@@ -209,7 +210,7 @@
 
     // The ACP CBOR in the provisioning receipt doesn't include secureUserId so build
     // it again.
-    eicCborInit(&cborBuilder, cborBuffer, EIC_MAX_CBOR_SIZE_FOR_ACCESS_CONTROL_PROFILE);
+    eicCborInit(&cborBuilder, scratchSpace, scratchSpaceSize);
     if (!eicCborCalcAccessControl(&cborBuilder, id, readerCertificate, readerCertificateSize,
                                   userAuthenticationRequired, timeoutMillis,
                                   0 /* secureUserId */)) {
@@ -222,9 +223,10 @@
     return true;
 }
 
-bool eicProvisioningBeginAddEntry(EicProvisioning* ctx, const int* accessControlProfileIds,
+bool eicProvisioningBeginAddEntry(EicProvisioning* ctx, const uint8_t* accessControlProfileIds,
                                   size_t numAccessControlProfileIds, const char* nameSpace,
-                                  const char* name, uint64_t entrySize, uint8_t* scratchSpace,
+                                  size_t nameSpaceLength, const char* name, size_t nameLength,
+                                  uint64_t entrySize, uint8_t* scratchSpace,
                                   size_t scratchSpaceSize) {
     uint8_t* additionalDataCbor = scratchSpace;
     const size_t additionalDataCborBufSize = scratchSpaceSize;
@@ -233,9 +235,9 @@
     // We'll need to calc and store a digest of additionalData to check that it's the same
     // additionalData being passed in for every eicProvisioningAddEntryValue() call...
     if (!eicCborCalcEntryAdditionalData(accessControlProfileIds, numAccessControlProfileIds,
-                                        nameSpace, name, additionalDataCbor,
-                                        additionalDataCborBufSize, &additionalDataCborSize,
-                                        ctx->additionalDataSha256)) {
+                                        nameSpace, nameSpaceLength, name, nameLength,
+                                        additionalDataCbor, additionalDataCborBufSize,
+                                        &additionalDataCborSize, ctx->additionalDataSha256)) {
         return false;
     }
 
@@ -244,7 +246,7 @@
         ctx->curNamespaceNumProcessed = 0;
         // Opens the main map: { * Namespace => [ + Entry ] }
         eicCborAppendMap(&ctx->cbor, ctx->numEntryCounts);
-        eicCborAppendString(&ctx->cbor, nameSpace);
+        eicCborAppendString(&ctx->cbor, nameSpace, nameSpaceLength);
         // Opens the per-namespace array: [ + Entry ]
         eicCborAppendArray(&ctx->cbor, ctx->entryCounts[ctx->curNamespace]);
     }
@@ -252,37 +254,39 @@
     if (ctx->curNamespaceNumProcessed == ctx->entryCounts[ctx->curNamespace]) {
         ctx->curNamespace += 1;
         ctx->curNamespaceNumProcessed = 0;
-        eicCborAppendString(&ctx->cbor, nameSpace);
+        eicCborAppendString(&ctx->cbor, nameSpace, nameSpaceLength);
         // Opens the per-namespace array: [ + Entry ]
         eicCborAppendArray(&ctx->cbor, ctx->entryCounts[ctx->curNamespace]);
     }
 
     eicCborAppendMap(&ctx->cbor, 3);
-    eicCborAppendString(&ctx->cbor, "name");
-    eicCborAppendString(&ctx->cbor, name);
+    eicCborAppendStringZ(&ctx->cbor, "name");
+    eicCborAppendString(&ctx->cbor, name, nameLength);
 
     ctx->curEntrySize = entrySize;
     ctx->curEntryNumBytesReceived = 0;
 
-    eicCborAppendString(&ctx->cbor, "value");
+    eicCborAppendStringZ(&ctx->cbor, "value");
 
     ctx->curNamespaceNumProcessed += 1;
     return true;
 }
 
-bool eicProvisioningAddEntryValue(EicProvisioning* ctx, const int* accessControlProfileIds,
+bool eicProvisioningAddEntryValue(EicProvisioning* ctx, const uint8_t* accessControlProfileIds,
                                   size_t numAccessControlProfileIds, const char* nameSpace,
-                                  const char* name, const uint8_t* content, size_t contentSize,
+                                  size_t nameSpaceLength, const char* name, size_t nameLength,
+                                  const uint8_t* content, size_t contentSize,
                                   uint8_t* outEncryptedContent, uint8_t* scratchSpace,
                                   size_t scratchSpaceSize) {
     uint8_t* additionalDataCbor = scratchSpace;
     const size_t additionalDataCborBufSize = scratchSpaceSize;
     size_t additionalDataCborSize;
-
     uint8_t calculatedSha256[EIC_SHA256_DIGEST_SIZE];
+
     if (!eicCborCalcEntryAdditionalData(accessControlProfileIds, numAccessControlProfileIds,
-                                        nameSpace, name, additionalDataCbor,
-                                        additionalDataCborBufSize, &additionalDataCborSize,
+                                        nameSpace, nameSpaceLength, name, nameLength,
+                                        additionalDataCbor, additionalDataCborBufSize,
+                                        &additionalDataCborSize,
                                         calculatedSha256)) {
         return false;
     }
@@ -305,7 +309,7 @@
     // If done with this entry, close the map
     ctx->curEntryNumBytesReceived += contentSize;
     if (ctx->curEntryNumBytesReceived == ctx->curEntrySize) {
-        eicCborAppendString(&ctx->cbor, "accessControlProfiles");
+        eicCborAppendStringZ(&ctx->cbor, "accessControlProfiles");
         eicCborAppendArray(&ctx->cbor, numAccessControlProfileIds);
         for (size_t n = 0; n < numAccessControlProfileIds; n++) {
             eicCborAppendNumber(&ctx->cbor, accessControlProfileIds[n]);
@@ -337,6 +341,7 @@
 }
 
 bool eicProvisioningFinishGetCredentialData(EicProvisioning* ctx, const char* docType,
+                                            size_t docTypeLength,
                                             uint8_t* encryptedCredentialKeys,
                                             size_t* encryptedCredentialKeysSize) {
     EicCbor cbor;
@@ -367,7 +372,7 @@
     if (!eicOpsEncryptAes128Gcm(
                 eicOpsGetHardwareBoundKey(ctx->testCredential), nonce, cborBuf, cbor.size,
                 // DocType is the additionalAuthenticatedData
-                (const uint8_t*)docType, eicStrLen(docType), encryptedCredentialKeys)) {
+                (const uint8_t*)docType, docTypeLength, encryptedCredentialKeys)) {
         eicDebug("Error encrypting CredentialKeys");
         return false;
     }