Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / f1cb5e825dd530bd23c64909d7d6140a02cb300c / . / identity / aidl / default / common / WritableIdentityCredential.h
blob: 39d32c9dc721332f46e0580f33856fce3e9b7946 [file] [log] [blame]
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]1/*
2 * Copyright 2019, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef ANDROID_HARDWARE_IDENTITY_WRITABLEIDENTITYCREDENTIAL_H
18#define ANDROID_HARDWARE_IDENTITY_WRITABLEIDENTITYCREDENTIAL_H
19
20#include <aidl/android/hardware/identity/BnWritableIdentityCredential.h>
21#include <android/hardware/identity/support/IdentityCredentialSupport.h>
22
23#include <cppbor.h>
Selene Huang92b61d62020-03-04 02:24:16 -0800[diff] [blame]24#include <set>
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]25
David Zeuthen630de2a2020-05-11 14:04:54 -0400[diff] [blame]26#include "IdentityCredentialStore.h"
27#include "SecureHardwareProxy.h"
28
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]29namespace aidl::android::hardware::identity {
30
David Zeuthen630de2a2020-05-11 14:04:54 -0400[diff] [blame]31using ::android::sp;
32using ::android::hardware::identity::SecureHardwareProvisioningProxy;
Seth Moore1bf823c2022-01-25 23:04:37 +0000[diff] [blame]33using ::std::optional;
Selene Huang92b61d62020-03-04 02:24:16 -0800[diff] [blame]34using ::std::set;
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]35using ::std::string;
36using ::std::vector;
37
38class WritableIdentityCredential : public BnWritableIdentityCredential {
39 public:
David Zeuthen49f2d252020-10-16 11:27:24 -0400[diff] [blame]40 // For a new credential, call initialize() right after construction.
41 //
42 // For an updated credential, call initializeForUpdate() right after construction.
43 //
David Zeuthen630de2a2020-05-11 14:04:54 -0400[diff] [blame]44 WritableIdentityCredential(sp<SecureHardwareProvisioningProxy> hwProxy, const string& docType,
Seth Moore1bf823c2022-01-25 23:04:37 +0000[diff] [blame]45 bool testCredential, HardwareInformation hardwareInformation)
46 : hwProxy_(hwProxy),
47 docType_(docType),
48 testCredential_(testCredential),
49 hardwareInformation_(std::move(hardwareInformation)) {}
David Zeuthen630de2a2020-05-11 14:04:54 -0400[diff] [blame]50
51 ~WritableIdentityCredential();
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]52
David Zeuthen49f2d252020-10-16 11:27:24 -0400[diff] [blame]53 // Creates the Credential Key. Returns false on failure.
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]54 bool initialize();
55
David Zeuthen49f2d252020-10-16 11:27:24 -0400[diff] [blame]56 // Used when updating a credential. Returns false on failure.
57 bool initializeForUpdate(const vector<uint8_t>& encryptedCredentialKeys);
58
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]59 // Methods from IWritableIdentityCredential follow.
Jooyung Han17be89b2020-02-21 21:17:06 +0900[diff] [blame]60 ndk::ScopedAStatus getAttestationCertificate(const vector<uint8_t>& attestationApplicationId,
61 const vector<uint8_t>& attestationChallenge,
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]62 vector<Certificate>* outCertificateChain) override;
63
David Zeuthen28edb102020-04-28 18:54:55 -0400[diff] [blame]64 ndk::ScopedAStatus setExpectedProofOfProvisioningSize(
65 int32_t expectedProofOfProvisioningSize) override;
66
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]67 ndk::ScopedAStatus startPersonalization(int32_t accessControlProfileCount,
68 const vector<int32_t>& entryCounts) override;
69
70 ndk::ScopedAStatus addAccessControlProfile(
71 int32_t id, const Certificate& readerCertificate, bool userAuthenticationRequired,
72 int64_t timeoutMillis, int64_t secureUserId,
73 SecureAccessControlProfile* outSecureAccessControlProfile) override;
74
75 ndk::ScopedAStatus beginAddEntry(const vector<int32_t>& accessControlProfileIds,
76 const string& nameSpace, const string& name,
77 int32_t entrySize) override;
Jooyung Han17be89b2020-02-21 21:17:06 +0900[diff] [blame]78 ndk::ScopedAStatus addEntryValue(const vector<uint8_t>& content,
79 vector<uint8_t>* outEncryptedContent) override;
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]80
81 ndk::ScopedAStatus finishAddingEntries(
Jooyung Han17be89b2020-02-21 21:17:06 +0900[diff] [blame]82 vector<uint8_t>* outCredentialData,
83 vector<uint8_t>* outProofOfProvisioningSignature) override;
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]84
Seth Moore1bf823c2022-01-25 23:04:37 +0000[diff] [blame]85 ndk::ScopedAStatus setRemotelyProvisionedAttestationKey(
86 const vector<uint8_t>& attestationKeyBlob,
87 const vector<uint8_t>& attestationCertificateChain) override;
88
David Zeuthen28edb102020-04-28 18:54:55 -0400[diff] [blame]89 private:
David Zeuthen630de2a2020-05-11 14:04:54 -0400[diff] [blame]90 // Set by constructor.
91 sp<SecureHardwareProvisioningProxy> hwProxy_;
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]92 string docType_;
93 bool testCredential_;
Seth Moore1bf823c2022-01-25 23:04:37 +0000[diff] [blame]94 HardwareInformation hardwareInformation_;
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]95
Selene Huang459cb802020-01-08 22:59:02 -0800[diff] [blame]96 // This is set in initialize().
Selene Huang92b61d62020-03-04 02:24:16 -0800[diff] [blame]97 bool startPersonalizationCalled_;
98 bool firstEntry_;
Selene Huang459cb802020-01-08 22:59:02 -0800[diff] [blame]99
David Zeuthen630de2a2020-05-11 14:04:54 -0400[diff] [blame]100 // This is set in getAttestationCertificate().
101 bool getAttestationCertificateAlreadyCalled_ = false;
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]102
103 // These fields are initialized during startPersonalization()
104 size_t numAccessControlProfileRemaining_;
105 vector<int32_t> remainingEntryCounts_;
106 cppbor::Array signedDataAccessControlProfiles_;
107 cppbor::Map signedDataNamespaces_;
108 cppbor::Array signedDataCurrentNamespace_;
David Zeuthen28edb102020-04-28 18:54:55 -0400[diff] [blame]109 size_t expectedProofOfProvisioningSize_;
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]110
Selene Huang92b61d62020-03-04 02:24:16 -0800[diff] [blame]111 // This field is initialized in addAccessControlProfile
112 set<int32_t> accessControlProfileIds_;
113
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]114 // These fields are initialized during beginAddEntry()
115 size_t entryRemainingBytes_;
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]116 string entryNameSpace_;
117 string entryName_;
118 vector<int32_t> entryAccessControlProfileIds_;
119 vector<uint8_t> entryBytes_;
Selene Huang92b61d62020-03-04 02:24:16 -0800[diff] [blame]120 set<string> allNameSpaces_;
Seth Moore1bf823c2022-01-25 23:04:37 +0000[diff] [blame]121
122 // Remotely provisioned attestation data, set via setRemotelyProvisionedAttestationKey
123 optional<vector<uint8_t>> attestationKeyBlob_;
124 optional<vector<vector<uint8_t>>> attestationCertificateChain_;
David Zeuthen81603152020-02-11 22:04:24 -0500[diff] [blame]125};
126
127} // namespace aidl::android::hardware::identity
128
129#endif // ANDROID_HARDWARE_IDENTITY_WRITABLEIDENTITYCREDENTIAL_H