Keystore 2.0: Add attestation application id on generation and import.
Bug: 173546023
Test: Attestation CTS tests.
Change-Id: Ibe94ff452742ef763adb3c59e575d1ea3fb7abb7
diff --git a/keystore2/aaid/Android.bp b/keystore2/aaid/Android.bp
new file mode 100644
index 0000000..2329400
--- /dev/null
+++ b/keystore2/aaid/Android.bp
@@ -0,0 +1,50 @@
+// Copyright 2020, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_library {
+ name: "libkeystore2_aaid",
+ srcs: [
+ "aaid.cpp",
+ ],
+ shared_libs: [
+ "libkeystore-attestation-application-id"
+ ],
+}
+
+rust_bindgen {
+ name: "libkeystore2_aaid_bindgen",
+ wrapper_src: "aaid.hpp",
+ crate_name: "keystore2_aaid_bindgen",
+ source_stem: "bindings",
+
+ bindgen_flags: [
+ "--size_t-is-usize",
+ "--whitelist-function=aaid_keystore_attestation_id",
+ "--whitelist-var=KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE",
+ ],
+}
+
+rust_library {
+ name: "libkeystore2_aaid-rust",
+ crate_name: "keystore2_aaid",
+ srcs: [
+ "lib.rs",
+ ],
+ rustlibs: [
+ "libkeystore2_aaid_bindgen",
+ ],
+ shared_libs: [
+ "libkeystore2_aaid",
+ ],
+}
diff --git a/keystore2/aaid/aaid.cpp b/keystore2/aaid/aaid.cpp
new file mode 100644
index 0000000..fd3faf6
--- /dev/null
+++ b/keystore2/aaid/aaid.cpp
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "aaid.hpp"
+
+#include <keystore/keystore_attestation_id.h>
+
+using android::security::gather_attestation_application_id;
+
+uint32_t aaid_keystore_attestation_id(uint32_t uid, uint8_t* aaid, size_t* aaid_size) {
+ static_assert(sizeof(uint32_t) == sizeof(uid_t), "uid_t has unexpected size");
+ static_assert(sizeof(uint32_t) == sizeof(android::status_t), "status_t has unexpected size");
+ static_assert(KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE ==
+ android::security::KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE,
+ "KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE sizes don't match.");
+ auto result = gather_attestation_application_id(uid);
+ if (!result.isOk()) {
+ return result.status();
+ }
+ if (result.value().size() > KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE) {
+ return ::android::NO_MEMORY;
+ }
+ if (*aaid_size != KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE) {
+ return ::android::BAD_VALUE;
+ }
+ std::copy(result.value().begin(), result.value().end(), aaid);
+ *aaid_size = result.value().size();
+ return ::android::OK;
+}
diff --git a/keystore2/aaid/aaid.hpp b/keystore2/aaid/aaid.hpp
new file mode 100644
index 0000000..9e2c148
--- /dev/null
+++ b/keystore2/aaid/aaid.hpp
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#pragma once
+
+#include <stdint.h>
+#include <stddef.h>
+
+/**
+ * This is a redefinition of KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE in
+ * system/security/keystore/keystore_attestation_id.h and must be kept in sync.
+ * There is a static assert in aaid.cpp to assure that they are in sync.
+ * We redefine this here to avoid unnecessary build dependencies for
+ * the rust bindgen target.
+ */
+constexpr const size_t KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE = 1024;
+
+extern "C" {
+ /**
+ * Fills the buffer at aaid with the attestation application id of the app uid.
+ * The buffer must be exactly KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE bytes in size.
+ * *aaid_size is set to the number of bytes written to aaid.
+ *
+ * @param uid the uid of the app to retrieve the aaid for.
+ * @param aaid output buffer for the attestation id.
+ * @param aaid_size must be set to the size of the output buffer, which must be exactly
+ * KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE bytes in size, by the caller. On success
+ * it is set to the number of bytes written.
+ * @return OK on success.
+ */
+ uint32_t aaid_keystore_attestation_id(uint32_t uid, uint8_t* aaid, size_t* aaid_size);
+}
diff --git a/keystore2/aaid/lib.rs b/keystore2/aaid/lib.rs
new file mode 100644
index 0000000..3187198
--- /dev/null
+++ b/keystore2/aaid/lib.rs
@@ -0,0 +1,35 @@
+// Copyright 2020, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Rust binding for getting the attestation application id.
+
+use keystore2_aaid_bindgen::{
+ aaid_keystore_attestation_id, KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE,
+};
+
+/// Returns the attestation application id for the given uid or an error code
+/// corresponding to ::android::status_t.
+pub fn get_aaid(uid: u32) -> Result<Vec<u8>, u32> {
+ let mut buffer = [0u8; KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE];
+ let mut size = KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE;
+ // Safety:
+ // aaid_keystore_attestation_id expects a buffer of exactly
+ // KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE bytes and returns the number of bytes written
+ // in the second pointer argument.
+ let status = unsafe { aaid_keystore_attestation_id(uid, buffer.as_mut_ptr(), &mut size) };
+ match status {
+ 0 => Ok(buffer[0..size as usize].to_vec()),
+ status => Err(status),
+ }
+}