Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 8e3a2bfdcd087a532ed1f6c8ccc959b29eafc8ae / . / identity / aidl / default / libeic / EicCbor.c
blob: ec049b1c0dd5f9c9a5abfb7b227722c7eebf8ba0 [file] [log] [blame]
David Zeuthen630de2a2020-05-11 14:04:54 -0400[diff] [blame]1/*
2 * Copyright 2020, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "EicCbor.h"
18
19void eicCborInit(EicCbor* cbor, uint8_t* buffer, size_t bufferSize) {
20 cbor->size = 0;
21 cbor->bufferSize = bufferSize;
22 cbor->buffer = buffer;
23 cbor->digestType = EIC_CBOR_DIGEST_TYPE_SHA256;
24 eicOpsSha256Init(&cbor->digester.sha256);
25}
26
27void eicCborInitHmacSha256(EicCbor* cbor, uint8_t* buffer, size_t bufferSize,
28 const uint8_t* hmacKey, size_t hmacKeySize) {
29 cbor->size = 0;
30 cbor->bufferSize = bufferSize;
31 cbor->buffer = buffer;
32 cbor->digestType = EIC_CBOR_DIGEST_TYPE_HMAC_SHA256;
33 eicOpsHmacSha256Init(&cbor->digester.hmacSha256, hmacKey, hmacKeySize);
34}
35
36void eicCborFinal(EicCbor* cbor, uint8_t digest[EIC_SHA256_DIGEST_SIZE]) {
37 switch (cbor->digestType) {
38 case EIC_CBOR_DIGEST_TYPE_SHA256:
39 eicOpsSha256Final(&cbor->digester.sha256, digest);
40 break;
41 case EIC_CBOR_DIGEST_TYPE_HMAC_SHA256:
42 eicOpsHmacSha256Final(&cbor->digester.hmacSha256, digest);
43 break;
44 }
45}
46
47void eicCborAppend(EicCbor* cbor, const uint8_t* data, size_t size) {
48 switch (cbor->digestType) {
49 case EIC_CBOR_DIGEST_TYPE_SHA256:
50 eicOpsSha256Update(&cbor->digester.sha256, data, size);
51 break;
52 case EIC_CBOR_DIGEST_TYPE_HMAC_SHA256:
53 eicOpsHmacSha256Update(&cbor->digester.hmacSha256, data, size);
54 break;
55 }
56
57 if (cbor->size >= cbor->bufferSize) {
58 cbor->size += size;
59 return;
60 }
61
62 size_t numBytesLeft = cbor->bufferSize - cbor->size;
63 size_t numBytesToCopy = size;
64 if (numBytesToCopy > numBytesLeft) {
65 numBytesToCopy = numBytesLeft;
66 }
67 eicMemCpy(cbor->buffer + cbor->size, data, numBytesToCopy);
68
69 cbor->size += size;
70}
71
72size_t eicCborAdditionalLengthBytesFor(size_t size) {
73 if (size < 24) {
74 return 0;
75 } else if (size <= 0xff) {
76 return 1;
77 } else if (size <= 0xffff) {
78 return 2;
79 } else if (size <= 0xffffffff) {
80 return 4;
81 }
82 return 8;
83}
84
85void eicCborBegin(EicCbor* cbor, int majorType, size_t size) {
86 uint8_t data[9];
87
88 if (size < 24) {
89 data[0] = (majorType << 5) | size;
90 eicCborAppend(cbor, data, 1);
91 } else if (size <= 0xff) {
92 data[0] = (majorType << 5) | 24;
93 data[1] = size;
94 eicCborAppend(cbor, data, 2);
95 } else if (size <= 0xffff) {
96 data[0] = (majorType << 5) | 25;
97 data[1] = size >> 8;
98 data[2] = size & 0xff;
99 eicCborAppend(cbor, data, 3);
100 } else if (size <= 0xffffffff) {
101 data[0] = (majorType << 5) | 26;
102 data[1] = (size >> 24) & 0xff;
103 data[2] = (size >> 16) & 0xff;
104 data[3] = (size >> 8) & 0xff;
105 data[4] = size & 0xff;
106 eicCborAppend(cbor, data, 5);
107 } else {
108 data[0] = (majorType << 5) | 24;
109 data[1] = (((uint64_t)size) >> 56) & 0xff;
110 data[2] = (((uint64_t)size) >> 48) & 0xff;
111 data[3] = (((uint64_t)size) >> 40) & 0xff;
112 data[4] = (((uint64_t)size) >> 32) & 0xff;
113 data[5] = (((uint64_t)size) >> 24) & 0xff;
114 data[6] = (((uint64_t)size) >> 16) & 0xff;
115 data[7] = (((uint64_t)size) >> 8) & 0xff;
116 data[8] = ((uint64_t)size) & 0xff;
117 eicCborAppend(cbor, data, 9);
118 }
119}
120
121void eicCborAppendByteString(EicCbor* cbor, const uint8_t* data, size_t dataSize) {
122 eicCborBegin(cbor, EIC_CBOR_MAJOR_TYPE_BYTE_STRING, dataSize);
123 eicCborAppend(cbor, data, dataSize);
124}
125
126void eicCborAppendString(EicCbor* cbor, const char* str) {
127 size_t length = eicStrLen(str);
128 eicCborBegin(cbor, EIC_CBOR_MAJOR_TYPE_STRING, length);
129 eicCborAppend(cbor, (const uint8_t*)str, length);
130}
131
132void eicCborAppendSimple(EicCbor* cbor, uint8_t simpleValue) {
133 eicCborBegin(cbor, EIC_CBOR_MAJOR_TYPE_SIMPLE, simpleValue);
134}
135
136void eicCborAppendBool(EicCbor* cbor, bool value) {
137 uint8_t simpleValue = value ? EIC_CBOR_SIMPLE_VALUE_TRUE : EIC_CBOR_SIMPLE_VALUE_FALSE;
138 eicCborAppendSimple(cbor, simpleValue);
139}
140
141void eicCborAppendSemantic(EicCbor* cbor, uint64_t value) {
142 size_t encoded = value;
143 eicCborBegin(cbor, EIC_CBOR_MAJOR_TYPE_SEMANTIC, encoded);
144}
145
146void eicCborAppendUnsigned(EicCbor* cbor, uint64_t value) {
147 size_t encoded = value;
148 eicCborBegin(cbor, EIC_CBOR_MAJOR_TYPE_UNSIGNED, encoded);
149}
150
151void eicCborAppendNumber(EicCbor* cbor, int64_t value) {
152 if (value < 0) {
153 size_t encoded = -1 - value;
154 eicCborBegin(cbor, EIC_CBOR_MAJOR_TYPE_NEGATIVE, encoded);
155 } else {
156 eicCborAppendUnsigned(cbor, value);
157 }
158}
159
160void eicCborAppendArray(EicCbor* cbor, size_t numElements) {
161 eicCborBegin(cbor, EIC_CBOR_MAJOR_TYPE_ARRAY, numElements);
162}
163
164void eicCborAppendMap(EicCbor* cbor, size_t numPairs) {
165 eicCborBegin(cbor, EIC_CBOR_MAJOR_TYPE_MAP, numPairs);
166}
167
168bool eicCborCalcAccessControl(EicCbor* cborBuilder, int id, const uint8_t* readerCertificate,
169 size_t readerCertificateSize, bool userAuthenticationRequired,
170 uint64_t timeoutMillis, uint64_t secureUserId) {
171 size_t numPairs = 1;
172 if (readerCertificateSize > 0) {
173 numPairs += 1;
174 }
175 if (userAuthenticationRequired) {
176 numPairs += 2;
177 if (secureUserId > 0) {
178 numPairs += 1;
179 }
180 }
181 eicCborAppendMap(cborBuilder, numPairs);
182 eicCborAppendString(cborBuilder, "id");
183 eicCborAppendUnsigned(cborBuilder, id);
184 if (readerCertificateSize > 0) {
185 eicCborAppendString(cborBuilder, "readerCertificate");
186 eicCborAppendByteString(cborBuilder, readerCertificate, readerCertificateSize);
187 }
188 if (userAuthenticationRequired) {
189 eicCborAppendString(cborBuilder, "userAuthenticationRequired");
190 eicCborAppendBool(cborBuilder, userAuthenticationRequired);
191 eicCborAppendString(cborBuilder, "timeoutMillis");
192 eicCborAppendUnsigned(cborBuilder, timeoutMillis);
193 if (secureUserId > 0) {
194 eicCborAppendString(cborBuilder, "secureUserId");
195 eicCborAppendUnsigned(cborBuilder, secureUserId);
196 }
197 }
198
199 if (cborBuilder->size > cborBuilder->bufferSize) {
200 eicDebug("Buffer for ACP CBOR is too small (%zd) - need %zd bytes", cborBuilder->bufferSize,
201 cborBuilder->size);
202 return false;
203 }
204
205 return true;
206}
207
208bool eicCborCalcEntryAdditionalData(const int* accessControlProfileIds,
209 size_t numAccessControlProfileIds, const char* nameSpace,
210 const char* name, uint8_t* cborBuffer, size_t cborBufferSize,
211 size_t* outAdditionalDataCborSize,
212 uint8_t additionalDataSha256[EIC_SHA256_DIGEST_SIZE]) {
213 EicCbor cborBuilder;
214
215 eicCborInit(&cborBuilder, cborBuffer, cborBufferSize);
216 eicCborAppendMap(&cborBuilder, 3);
217 eicCborAppendString(&cborBuilder, "Namespace");
218 eicCborAppendString(&cborBuilder, nameSpace);
219 eicCborAppendString(&cborBuilder, "Name");
220 eicCborAppendString(&cborBuilder, name);
221 eicCborAppendString(&cborBuilder, "AccessControlProfileIds");
222 eicCborAppendArray(&cborBuilder, numAccessControlProfileIds);
223 for (size_t n = 0; n < numAccessControlProfileIds; n++) {
224 eicCborAppendNumber(&cborBuilder, accessControlProfileIds[n]);
225 }
226 if (cborBuilder.size > cborBufferSize) {
227 eicDebug("Not enough space for additionalData - buffer is only %zd bytes, content is %zd",
228 cborBufferSize, cborBuilder.size);
229 return false;
230 }
231 if (outAdditionalDataCborSize != NULL) {
232 *outAdditionalDataCborSize = cborBuilder.size;
233 }
234 eicCborFinal(&cborBuilder, additionalDataSha256);
235 return true;
236}