commit 3f6c15c656884e71acea20f8abdcac6994f04e13
author Rajesh Nyamagoud <nyamagoud@google.com> Sat Mar 11 01:26:48 2023 +0000
committer Rajesh Nyamagoud <nyamagoud@google.com> Fri Oct 06 04:23:41 2023 +0000
tree 989b2851ced4c3649d8a23520bcc9968821367f2
parent 1a7cd1d195a635b96c83e78114837d81ce923512

Restructuring of AAID using aidl_interface build system.

Making changes to use cpp backend generated by aidl_interface
build system for KeyAttestationApplicationProvider.
Removed custom parcelables defined for AAID.
Updated the tests to use the aidl_interface generated bindings.

Bug: 267452060
Test: atest android.keystore.cts.KeyAttestationTest; atest
keystore_unit_tests; keystoreSignature_fuzzer;
keystorePackageInfo_fuzzer; keystoreApplicationId_fuzzer;
keystoreAttestationId_fuzzer

Change-Id: Ibdfb8e2837538d01a04b6771b1a71c38529d1307

identity/Android.bp

diff --git a/identity/Android.bp b/identity/Android.bp
index 007a310..f7a540a 100644
--- a/identity/Android.bp
+++ b/identity/Android.bp
@@ -51,6 +51,7 @@
         "liblog",
         "libutils",
         "libutilscallstack",
+        "libkeystore-attestation-application-id",
     ],
     static_libs: [
         "android.hardware.keymaster-V3-cpp",
@@ -60,7 +61,6 @@
         "libcppbor_external",
         "libcredstore_aidl",
         "libkeymaster4support",
-        "libkeystore-attestation-application-id",
         "librkp_support",
     ],
 }

keystore/Android.bp

diff --git a/keystore/Android.bp b/keystore/Android.bp
index 221ead9..c79d00b 100644
--- a/keystore/Android.bp
+++ b/keystore/Android.bp
@@ -69,19 +69,16 @@
     defaults: ["keystore_defaults"],
 
     srcs: [
-        ":IKeyAttestationApplicationIdProvider.aidl",
         "keystore_attestation_id.cpp",
-        "KeyAttestationApplicationId.cpp",
-        "KeyAttestationPackageInfo.cpp",
-        "Signature.cpp",
     ],
     shared_libs: [
+        "android.security.aaid_aidl-cpp",
         "libbase",
         "libbinder",
+        "libcrypto",
         "libhidlbase",
         "liblog",
         "libutils",
-        "libcrypto",
     ],
 
     export_include_dirs: ["include"],

keystore/KeyAttestationApplicationId.cpp

diff --git a/keystore/KeyAttestationApplicationId.cpp b/keystore/KeyAttestationApplicationId.cpp
deleted file mode 100644
index 1838b07..0000000
--- a/keystore/KeyAttestationApplicationId.cpp
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
-**
-** Copyright 2016, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-**     http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
-
-#include "include/keystore/KeyAttestationApplicationId.h"
-
-#include <binder/Parcel.h>
-
-namespace android {
-namespace security {
-namespace keymaster {
-
-KeyAttestationApplicationId::KeyAttestationApplicationId() = default;
-
-KeyAttestationApplicationId::KeyAttestationApplicationId(
-    std::optional<KeyAttestationPackageInfo> package)
-    : packageInfos_(new std::vector<std::optional<KeyAttestationPackageInfo>>()) {
-    packageInfos_->push_back(std::move(package));
-}
-
-KeyAttestationApplicationId::KeyAttestationApplicationId(PackageInfoVector packages)
-    : packageInfos_(std::make_shared<PackageInfoVector>(std::move(packages))) {}
-
-status_t KeyAttestationApplicationId::writeToParcel(Parcel* parcel) const {
-    return parcel->writeParcelableVector(packageInfos_);
-}
-
-status_t KeyAttestationApplicationId::readFromParcel(const Parcel* parcel) {
-    std::optional<std::vector<std::optional<KeyAttestationPackageInfo>>> temp_vector;
-    auto rc = parcel->readParcelableVector(&temp_vector);
-    if (rc != NO_ERROR) return rc;
-    packageInfos_.reset();
-    if (temp_vector) {
-        packageInfos_ = std::make_shared<PackageInfoVector>(std::move(*temp_vector));
-    }
-    return NO_ERROR;
-}
-
-}  // namespace keymaster
-}  // namespace security
-}  // namespace android

keystore/KeyAttestationPackageInfo.cpp

diff --git a/keystore/KeyAttestationPackageInfo.cpp b/keystore/KeyAttestationPackageInfo.cpp
deleted file mode 100644
index 8e9a36a..0000000
--- a/keystore/KeyAttestationPackageInfo.cpp
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
-**
-** Copyright 2016, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-**     http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
-
-#include "include/keystore/KeyAttestationPackageInfo.h"
-
-#include <binder/Parcel.h>
-
-namespace android {
-namespace security {
-namespace keymaster {
-
-KeyAttestationPackageInfo::KeyAttestationPackageInfo() = default;
-
-KeyAttestationPackageInfo::KeyAttestationPackageInfo(const String16& packageName,
-                                                     int64_t versionCode,
-                                                     SharedSignaturesVector signatures)
-    : packageName_(packageName), versionCode_(versionCode), signatures_(signatures) {}
-
-status_t KeyAttestationPackageInfo::writeToParcel(Parcel* parcel) const {
-    auto rc = parcel->writeString16(packageName_);
-    if (rc != NO_ERROR) return rc;
-    rc = parcel->writeInt64(versionCode_);
-    if (rc != NO_ERROR) return rc;
-    return parcel->writeParcelableVector(signatures_);
-}
-
-status_t KeyAttestationPackageInfo::readFromParcel(const Parcel* parcel) {
-    auto rc = parcel->readString16(&packageName_);
-    if (rc != NO_ERROR) return rc;
-    rc = parcel->readInt64(&versionCode_);
-    if (rc != NO_ERROR) return rc;
-
-    std::optional<SignaturesVector> temp_vector;
-    rc = parcel->readParcelableVector(&temp_vector);
-    if (rc != NO_ERROR) return rc;
-    signatures_.reset();
-    if (temp_vector) {
-        signatures_ = std::make_shared<SignaturesVector>(std::move(*temp_vector));
-    }
-    return NO_ERROR;
-}
-
-}  // namespace keymaster
-}  // namespace security
-}  // namespace android

keystore/Signature.cpp

diff --git a/keystore/Signature.cpp b/keystore/Signature.cpp
deleted file mode 100644
index 284f358..0000000
--- a/keystore/Signature.cpp
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
-**
-** Copyright 2016, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-**     http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
-
-#include "include/keystore/Signature.h"
-
-#include <binder/Parcel.h>
-
-namespace android {
-namespace content {
-namespace pm {
-
-status_t Signature::writeToParcel(Parcel* parcel) const {
-    return parcel->writeByteVector(sig_data_);
-}
-
-status_t Signature::readFromParcel(const Parcel* parcel) {
-    return parcel->readByteVector(&sig_data_);
-}
-
-Signature::Signature(std::vector<uint8_t> signature_data) : sig_data_(std::move(signature_data)) {}
-
-}  // namespace pm
-}  // namespace content
-}  // namespace android

keystore/include/keystore/KeyAttestationApplicationId.h

diff --git a/keystore/include/keystore/KeyAttestationApplicationId.h b/keystore/include/keystore/KeyAttestationApplicationId.h
deleted file mode 100644
index 0bf1aad..0000000
--- a/keystore/include/keystore/KeyAttestationApplicationId.h
+++ /dev/null
@@ -1,58 +0,0 @@
-// Copyright 2016 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONAPPLICATIONID_H_
-#define KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONAPPLICATIONID_H_
-
-#include <memory>
-#include <optional>
-#include <vector>
-
-#include <binder/Parcelable.h>
-
-#include "KeyAttestationPackageInfo.h"
-
-namespace android {
-namespace security {
-namespace keymaster {
-
-class KeyAttestationApplicationId : public Parcelable {
-  public:
-    typedef SharedNullableIterator<const KeyAttestationPackageInfo, std::vector>
-        ConstKeyAttestationPackageInfoIterator;
-    typedef std::vector<std::optional<KeyAttestationPackageInfo>> PackageInfoVector;
-    KeyAttestationApplicationId();
-    // Following c'tors are for initializing instances containing test data.
-    explicit KeyAttestationApplicationId(std::optional<KeyAttestationPackageInfo> package);
-    explicit KeyAttestationApplicationId(PackageInfoVector packages);
-
-    status_t writeToParcel(Parcel*) const override;
-    status_t readFromParcel(const Parcel* parcel) override;
-
-    ConstKeyAttestationPackageInfoIterator pinfos_begin() const {
-        return ConstKeyAttestationPackageInfoIterator(packageInfos_);
-    }
-    ConstKeyAttestationPackageInfoIterator pinfos_end() const {
-        return ConstKeyAttestationPackageInfoIterator();
-    }
-
-  private:
-    std::shared_ptr<PackageInfoVector> packageInfos_;
-};
-
-}  // namespace keymaster
-}  // namespace security
-}  // namespace android
-
-#endif  // KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONAPPLICATIONID_H_

keystore/include/keystore/KeyAttestationPackageInfo.h

diff --git a/keystore/include/keystore/KeyAttestationPackageInfo.h b/keystore/include/keystore/KeyAttestationPackageInfo.h
deleted file mode 100644
index fa638f9..0000000
--- a/keystore/include/keystore/KeyAttestationPackageInfo.h
+++ /dev/null
@@ -1,63 +0,0 @@
-// Copyright 2016 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONPACKAGEINFO_H_
-#define KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONPACKAGEINFO_H_
-
-#include <stdint.h>
-
-#include <memory>
-#include <optional>
-#include <vector>
-
-#include <binder/Parcelable.h>
-
-#include "Signature.h"
-#include "utils.h"
-
-namespace android {
-namespace security {
-namespace keymaster {
-
-class KeyAttestationPackageInfo : public Parcelable {
-  public:
-    typedef SharedNullableIterator<const content::pm::Signature, std::vector>
-        ConstSignatureIterator;
-    typedef std::vector<std::optional<content::pm::Signature>> SignaturesVector;
-    typedef std::shared_ptr<SignaturesVector> SharedSignaturesVector;
-
-    KeyAttestationPackageInfo(const String16& packageName, int64_t versionCode,
-                              SharedSignaturesVector signatures);
-    KeyAttestationPackageInfo();
-
-    status_t writeToParcel(Parcel*) const override;
-    status_t readFromParcel(const Parcel* parcel) override;
-
-    const std::optional<String16>& package_name() const { return packageName_; }
-    int64_t version_code() const { return versionCode_; }
-
-    ConstSignatureIterator sigs_begin() const { return ConstSignatureIterator(signatures_); }
-    ConstSignatureIterator sigs_end() const { return ConstSignatureIterator(); }
-
-  private:
-    std::optional<String16> packageName_;
-    int64_t versionCode_;
-    SharedSignaturesVector signatures_;
-};
-
-}  // namespace keymaster
-}  // namespace security
-}  // namespace android
-
-#endif  // KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONPACKAGEINFO_H_

keystore/include/keystore/Signature.h

diff --git a/keystore/include/keystore/Signature.h b/keystore/include/keystore/Signature.h
deleted file mode 100644
index f39acec..0000000
--- a/keystore/include/keystore/Signature.h
+++ /dev/null
@@ -1,47 +0,0 @@
-// Copyright 2016 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef KEYSTORE_INCLUDE_KEYSTORE_SIGNATURE_H_
-#define KEYSTORE_INCLUDE_KEYSTORE_SIGNATURE_H_
-
-#include <vector>
-
-#include <binder/Parcelable.h>
-
-namespace android {
-namespace content {
-namespace pm {
-
-class Signature : public Parcelable {
-  public:
-    Signature() = default;
-    // Intended for initializing instances containing test data.
-    explicit Signature(std::vector<uint8_t> signature_data);
-
-    status_t writeToParcel(Parcel*) const override;
-    status_t readFromParcel(const Parcel* parcel) override;
-
-    const std::vector<uint8_t>& data() const & { return sig_data_; }
-    std::vector<uint8_t>& data() & { return sig_data_; }
-    std::vector<uint8_t>&& data() && { return std::move(sig_data_); }
-
-  private:
-    std::vector<uint8_t> sig_data_;
-};
-
-}  // namespace pm
-}  // namespace content
-}  // namespace android
-
-#endif  // KEYSTORE_INCLUDE_KEYSTORE_SIGNATURE_H_

keystore/include/keystore/keystore_attestation_id.h

diff --git a/keystore/include/keystore/keystore_attestation_id.h b/keystore/include/keystore/keystore_attestation_id.h
index 238f4b1..a0d43ad 100644
--- a/keystore/include/keystore/keystore_attestation_id.h
+++ b/keystore/include/keystore/keystore_attestation_id.h
@@ -25,11 +25,11 @@
 
 constexpr size_t KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE = 1024;
 
-namespace keymaster {
+namespace keystore {
 
 class KeyAttestationApplicationId;
 
-}  // namespace keymaster
+}  // namespace keystore
 
 template <typename T> class StatusOr {
   public:
@@ -77,7 +77,7 @@
  */
 
 StatusOr<std::vector<uint8_t>> build_attestation_application_id(
-    const ::android::security::keymaster::KeyAttestationApplicationId& key_attestation_id);
+    const ::android::security::keystore::KeyAttestationApplicationId& key_attestation_id);
 
 }  // namespace security
 }  // namespace android

keystore/keystore_attestation_id.cpp

diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
index 8eade97..1534be1 100644
--- a/keystore/keystore_attestation_id.cpp
+++ b/keystore/keystore_attestation_id.cpp
@@ -29,11 +29,11 @@
 #include <binder/Parcelable.h>
 #include <binder/PersistableBundle.h>
 
-#include <android/security/keymaster/BpKeyAttestationApplicationIdProvider.h>
-#include <android/security/keymaster/IKeyAttestationApplicationIdProvider.h>
-#include <keystore/KeyAttestationApplicationId.h>
-#include <keystore/KeyAttestationPackageInfo.h>
-#include <keystore/Signature.h>
+#include <android/security/keystore/BpKeyAttestationApplicationIdProvider.h>
+#include <android/security/keystore/IKeyAttestationApplicationIdProvider.h>
+#include <android/security/keystore/KeyAttestationApplicationId.h>
+#include <android/security/keystore/KeyAttestationPackageInfo.h>
+#include <android/security/keystore/Signature.h>
 
 #include <private/android_filesystem_config.h> /* for AID_SYSTEM */
 
@@ -50,13 +50,13 @@
 constexpr const char* kAttestationSystemPackageName = "AndroidSystem";
 constexpr const char* kUnknownPackageName = "UnknownPackage";
 
-std::vector<uint8_t> signature2SHA256(const content::pm::Signature& sig) {
+std::vector<uint8_t> signature2SHA256(const security::keystore::Signature& sig) {
     std::vector<uint8_t> digest_buffer(SHA256_DIGEST_LENGTH);
-    SHA256(sig.data().data(), sig.data().size(), digest_buffer.data());
+    SHA256(sig.data.data(), sig.data.size(), digest_buffer.data());
     return digest_buffer;
 }
 
-using ::android::security::keymaster::BpKeyAttestationApplicationIdProvider;
+using ::android::security::keystore::BpKeyAttestationApplicationIdProvider;
 
 class KeyAttestationApplicationIdProvider : public BpKeyAttestationApplicationIdProvider {
   public:
@@ -141,8 +141,8 @@
 namespace security {
 namespace {
 
-using ::android::security::keymaster::KeyAttestationApplicationId;
-using ::android::security::keymaster::KeyAttestationPackageInfo;
+using ::android::security::keystore::KeyAttestationApplicationId;
+using ::android::security::keystore::KeyAttestationPackageInfo;
 
 status_t build_attestation_package_info(const KeyAttestationPackageInfo& pinfo,
     std::unique_ptr<KM_ATTESTATION_PACKAGE_INFO>* attestation_package_info_ptr) {
@@ -153,12 +153,12 @@
     attestation_package_info.reset(KM_ATTESTATION_PACKAGE_INFO_new());
     if (!attestation_package_info.get()) return NO_MEMORY;
 
-    if (!pinfo.package_name()) {
+    if (!pinfo.packageName) {
         ALOGE("Key attestation package info lacks package name");
         return BAD_VALUE;
     }
 
-    std::string pkg_name(String8(*pinfo.package_name()).c_str());
+    std::string pkg_name(String8(pinfo.packageName).c_str());
     if (!ASN1_OCTET_STRING_set(attestation_package_info->package_name,
                                reinterpret_cast<const unsigned char*>(pkg_name.data()),
                                pkg_name.size())) {
@@ -169,7 +169,7 @@
     if (bn_version == nullptr) {
         return NO_MEMORY;
     }
-    if (BN_set_u64(bn_version, static_cast<uint64_t>(pinfo.version_code())) != 1) {
+    if (BN_set_u64(bn_version, static_cast<uint64_t>(pinfo.versionCode)) != 1) {
         BN_free(bn_version);
         return UNKNOWN_ERROR;
     }
@@ -201,15 +201,16 @@
 
     auto attestation_pinfo_stack = reinterpret_cast<_STACK*>(attestation_id->package_infos);
 
-    if (key_attestation_id.pinfos_begin() == key_attestation_id.pinfos_end()) return BAD_VALUE;
+    if (key_attestation_id.packageInfos.begin() == key_attestation_id.packageInfos.end())
+        return BAD_VALUE;
 
-    for (auto pinfo = key_attestation_id.pinfos_begin(); pinfo != key_attestation_id.pinfos_end();
-         ++pinfo) {
-        if (!pinfo->package_name()) {
+    for (auto pinfo = key_attestation_id.packageInfos.begin();
+         pinfo != key_attestation_id.packageInfos.end(); ++pinfo) {
+        if (!pinfo->packageName) {
             ALOGE("Key attestation package info lacks package name");
             return BAD_VALUE;
         }
-        std::string package_name(String8(*pinfo->package_name()).c_str());
+        std::string package_name(String8(pinfo->packageName).c_str());
         std::unique_ptr<KM_ATTESTATION_PACKAGE_INFO> attestation_package_info;
         auto rc = build_attestation_package_info(*pinfo, &attestation_package_info);
         if (rc != NO_ERROR) {
@@ -231,10 +232,10 @@
      *  signature field actually holds the signing certificate, rather than a signature, we can
      *  simply use the set of signature digests of the first package info.
      */
-    const auto& pinfo = *key_attestation_id.pinfos_begin();
+    const auto& pinfo = *key_attestation_id.packageInfos.begin();
     std::vector<std::vector<uint8_t>> signature_digests;
 
-    for (auto sig = pinfo.sigs_begin(); sig != pinfo.sigs_end(); ++sig) {
+    for (auto sig = pinfo.signatures.begin(); sig != pinfo.signatures.end(); ++sig) {
         signature_digests.push_back(signature2SHA256(*sig));
     }
 
@@ -271,10 +272,10 @@
 
     if (uid == AID_SYSTEM) {
         /* Use a fixed ID for system callers */
-        auto pinfo = std::make_optional<KeyAttestationPackageInfo>(
-            String16(kAttestationSystemPackageName), 1 /* version code */,
-            std::make_shared<KeyAttestationPackageInfo::SignaturesVector>());
-        key_attestation_id = KeyAttestationApplicationId(std::move(pinfo));
+        auto pinfo = KeyAttestationPackageInfo();
+        pinfo.packageName = String16(kAttestationSystemPackageName);
+        pinfo.versionCode = 1;
+        key_attestation_id.packageInfos.push_back(std::move(pinfo));
     } else {
         /* Get the attestation application ID from package manager */
         auto& pm = KeyAttestationApplicationIdProvider::get();
@@ -284,10 +285,11 @@
         if (!status.isOk()) {
             ALOGW("package manager request for key attestation ID failed with: %s %d",
                   status.exceptionMessage().c_str(), status.exceptionCode());
-            auto pinfo = std::make_optional<KeyAttestationPackageInfo>(
-                String16(kUnknownPackageName), 1 /* version code */,
-                std::make_shared<KeyAttestationPackageInfo::SignaturesVector>());
-            key_attestation_id = KeyAttestationApplicationId(std::move(pinfo));
+
+            auto pinfo = KeyAttestationPackageInfo();
+            pinfo.packageName = String16(kUnknownPackageName);
+            pinfo.versionCode = 1;
+            key_attestation_id.packageInfos.push_back(std::move(pinfo));
         }
     }
 

keystore/tests/Android.bp

diff --git a/keystore/tests/Android.bp b/keystore/tests/Android.bp
index f51cc2f..e641f44 100644
--- a/keystore/tests/Android.bp
+++ b/keystore/tests/Android.bp
@@ -35,6 +35,7 @@
         "libutils",
     ],
     shared_libs: [
+        "android.security.aaid_aidl-cpp",
         "libbinder",
         "libkeymaster_messages",
         "libkeystore-attestation-application-id",

keystore/tests/aaid_truncation_test.cpp

diff --git a/keystore/tests/aaid_truncation_test.cpp b/keystore/tests/aaid_truncation_test.cpp
index fa4d769..3a94ec1 100644
--- a/keystore/tests/aaid_truncation_test.cpp
+++ b/keystore/tests/aaid_truncation_test.cpp
@@ -22,14 +22,14 @@
 #include <keymaster/logger.h>
 #include <keystore/keystore_attestation_id.h>
 
-#include <keystore/KeyAttestationApplicationId.h>
-#include <keystore/KeyAttestationPackageInfo.h>
-#include <keystore/Signature.h>
+#include <android/security/keystore/KeyAttestationApplicationId.h>
+#include <android/security/keystore/KeyAttestationPackageInfo.h>
+#include <android/security/keystore/Signature.h>
 
 using ::android::String16;
 using ::android::security::KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE;
-using ::android::security::keymaster::KeyAttestationApplicationId;
-using ::android::security::keymaster::KeyAttestationPackageInfo;
+using ::android::security::keystore::KeyAttestationApplicationId;
+using ::android::security::keystore::KeyAttestationPackageInfo;
 using std::vector;
 
 namespace keystore {
@@ -72,24 +72,27 @@
 
 }  // namespace
 
-using ::android::content::pm::Signature;
 using ::android::security::build_attestation_application_id;
+using ::android::security::keystore::Signature;
 
-std::optional<KeyAttestationPackageInfo>
-make_package_info_with_signatures(const char* package_name,
-                                  KeyAttestationPackageInfo::SignaturesVector signatures) {
-    return std::make_optional<KeyAttestationPackageInfo>(
-        String16(package_name), 1 /* version code */,
-        std::make_shared<KeyAttestationPackageInfo::SignaturesVector>(std::move(signatures)));
+KeyAttestationPackageInfo make_package_info_with_signatures(const char* package_name,
+                                                            std::vector<Signature> signatures) {
+    auto pInfo = KeyAttestationPackageInfo();
+    pInfo.packageName = String16(package_name);
+    pInfo.versionCode = 1;
+    std::move(signatures.begin(), signatures.end(), std::back_inserter(pInfo.signatures));
+
+    return pInfo;
 }
 
-std::optional<KeyAttestationPackageInfo> make_package_info(const char* package_name) {
-    return make_package_info_with_signatures(package_name,
-                                             KeyAttestationPackageInfo::SignaturesVector());
+KeyAttestationPackageInfo make_package_info(const char* package_name) {
+    return make_package_info_with_signatures(package_name, std::vector<Signature>());
 }
 
 TEST(AaidTruncationTest, shortPackageInfoTest) {
-    KeyAttestationApplicationId app_id(make_package_info(kDummyPackageName));
+    KeyAttestationApplicationId app_id;
+    auto pInfo = make_package_info(kDummyPackageName);
+    app_id.packageInfos.push_back(std::move(pInfo));
 
     auto result = build_attestation_application_id(app_id);
     ASSERT_TRUE(result.isOk());
@@ -98,7 +101,9 @@
 }
 
 TEST(AaidTruncationTest, tooLongPackageNameTest) {
-    KeyAttestationApplicationId app_id(make_package_info(kLongPackageName));
+    KeyAttestationApplicationId app_id;
+    auto pInfo = make_package_info(kLongPackageName);
+    app_id.packageInfos.push_back(std::move(pInfo));
 
     auto result = build_attestation_application_id(app_id);
     ASSERT_TRUE(result.isOk());
@@ -108,14 +113,17 @@
 
 TEST(AaidTruncationTest, tooManySignaturesTest) {
     std::vector<uint8_t> dummy_sig_data(kDummySignature, kDummySignature + 32);
-    KeyAttestationPackageInfo::SignaturesVector signatures;
+    std::vector<Signature> signatures;
     // Add 35 signatures which will surely exceed the 1K limit.
     for (size_t i = 0; i < kTooManySignatures; ++i) {
-        signatures.push_back(std::make_optional<Signature>(dummy_sig_data));
+        auto sign = Signature();
+        sign.data = dummy_sig_data;
+        signatures.push_back(std::move(sign));
     }
 
-    KeyAttestationApplicationId app_id(
-        make_package_info_with_signatures(kDummyPackageName, std::move(signatures)));
+    auto pInfo = make_package_info_with_signatures(kDummyPackageName, std::move(signatures));
+    KeyAttestationApplicationId app_id;
+    app_id.packageInfos.push_back(std::move(pInfo));
 
     auto result = build_attestation_application_id(app_id);
     ASSERT_TRUE(result.isOk());
@@ -125,19 +133,22 @@
 
 TEST(AaidTruncationTest, combinedPackagesAndSignaturesTest) {
     std::vector<uint8_t> dummy_sig_data(kDummySignature, kDummySignature + 32);
-    KeyAttestationApplicationId::PackageInfoVector packages;
+    ::std::vector<KeyAttestationPackageInfo> packages;
 
     for (size_t i = 0; i < kTooManyPackages; ++i) {
-        KeyAttestationPackageInfo::SignaturesVector signatures;
+        std::vector<Signature> signatures;
         // Add a few signatures for each package
         for (int j = 0; j < 3; ++j) {
-            signatures.push_back(std::make_optional<Signature>(dummy_sig_data));
+            auto sign = Signature();
+            sign.data = dummy_sig_data;
+            signatures.push_back(std::move(sign));
         }
-        packages.push_back(
-            make_package_info_with_signatures(kReasonablePackageName, std::move(signatures)));
+        packages.push_back(std::move(
+            make_package_info_with_signatures(kReasonablePackageName, std::move(signatures))));
     }
+    KeyAttestationApplicationId app_id;
+    std::move(packages.begin(), packages.end(), std::back_inserter(app_id.packageInfos));
 
-    KeyAttestationApplicationId app_id(std::move(packages));
     auto result = build_attestation_application_id(app_id);
     ASSERT_TRUE(result.isOk());
     std::vector<uint8_t>& encoded_app_id = result;

keystore/tests/fuzzer/Android.bp

diff --git a/keystore/tests/fuzzer/Android.bp b/keystore/tests/fuzzer/Android.bp
index 4116ae1..5df5c7a 100644
--- a/keystore/tests/fuzzer/Android.bp
+++ b/keystore/tests/fuzzer/Android.bp
@@ -55,6 +55,7 @@
         "libhidlbase",
     ],
     shared_libs: [
+        "android.security.aaid_aidl-cpp",
         "libbinder",
         "libcrypto",
         "libutils",

keystore/tests/fuzzer/keystoreApplicationId_fuzzer.cpp

diff --git a/keystore/tests/fuzzer/keystoreApplicationId_fuzzer.cpp b/keystore/tests/fuzzer/keystoreApplicationId_fuzzer.cpp
index 0eddb9a..9388001 100644
--- a/keystore/tests/fuzzer/keystoreApplicationId_fuzzer.cpp
+++ b/keystore/tests/fuzzer/keystoreApplicationId_fuzzer.cpp
@@ -15,9 +15,9 @@
  */
 
 #include "keystoreCommon.h"
-#include <keystore/KeyAttestationApplicationId.h>
+#include <android/security/keystore/KeyAttestationApplicationId.h>
 
-using ::security::keymaster::KeyAttestationApplicationId;
+using ::android::security::keystore::KeyAttestationApplicationId;
 
 constexpr size_t kPackageVectorSizeMin = 1;
 constexpr size_t kPackageVectorSizeMax = 10;
@@ -33,26 +33,37 @@
 };
 
 void KeystoreApplicationId::invokeApplicationId() {
-    std::optional<KeyAttestationApplicationId> applicationId;
+    KeyAttestationApplicationId applicationId;
     bool shouldUsePackageInfoVector = mFdp->ConsumeBool();
     if (shouldUsePackageInfoVector) {
-        KeyAttestationApplicationId::PackageInfoVector packageInfoVector;
+        ::std::vector<KeyAttestationPackageInfo> packageInfoVector;
         int32_t packageVectorSize =
             mFdp->ConsumeIntegralInRange<int32_t>(kPackageVectorSizeMin, kPackageVectorSizeMax);
         for (int32_t packageSize = 0; packageSize < packageVectorSize; ++packageSize) {
             auto packageInfoData = initPackageInfoData(mFdp.get());
-            packageInfoVector.push_back(make_optional<KeyAttestationPackageInfo>(
-                String16((packageInfoData.packageName).c_str()), packageInfoData.versionCode,
-                packageInfoData.sharedSignaturesVector));
+            auto pInfo = KeyAttestationPackageInfo();
+            pInfo.packageName = String16((packageInfoData.packageName).c_str());
+            pInfo.versionCode = packageInfoData.versionCode;
+            std::move(packageInfoData.sharedSignaturesVector->begin(),
+                      packageInfoData.sharedSignaturesVector->end(),
+                      std::back_inserter(pInfo.signatures));
+
+            packageInfoVector.push_back(std::move(pInfo));
         }
-        applicationId = KeyAttestationApplicationId(std::move(packageInfoVector));
+
+        std::move(packageInfoVector.begin(), packageInfoVector.end(),
+                  std::back_inserter(applicationId.packageInfos));
     } else {
         auto packageInfoData = initPackageInfoData(mFdp.get());
-        applicationId = KeyAttestationApplicationId(make_optional<KeyAttestationPackageInfo>(
-            String16((packageInfoData.packageName).c_str()), packageInfoData.versionCode,
-            packageInfoData.sharedSignaturesVector));
+        auto pInfo = KeyAttestationPackageInfo();
+        pInfo.packageName = String16((packageInfoData.packageName).c_str());
+        pInfo.versionCode = packageInfoData.versionCode;
+        std::move(packageInfoData.sharedSignaturesVector->begin(),
+                  packageInfoData.sharedSignaturesVector->end(),
+                  std::back_inserter(pInfo.signatures));
+        applicationId.packageInfos.push_back(std::move(pInfo));
     }
-    invokeReadWriteParcel(&applicationId.value());
+    invokeReadWriteParcel(&applicationId);
 }
 
 void KeystoreApplicationId::process(const uint8_t* data, size_t size) {

keystore/tests/fuzzer/keystoreCommon.h

diff --git a/keystore/tests/fuzzer/keystoreCommon.h b/keystore/tests/fuzzer/keystoreCommon.h
index e1265bf..77d39e0 100644
--- a/keystore/tests/fuzzer/keystoreCommon.h
+++ b/keystore/tests/fuzzer/keystoreCommon.h
@@ -16,18 +16,18 @@
 #ifndef KEYSTORECOMMON_H
 #define KEYSTORECOMMON_H
 
+#include <android/security/keystore/KeyAttestationPackageInfo.h>
+#include <android/security/keystore/Signature.h>
 #include <binder/Parcel.h>
 #include <binder/Parcelable.h>
-#include <keystore/KeyAttestationPackageInfo.h>
-#include <keystore/Signature.h>
 #include <vector>
 
 #include "fuzzer/FuzzedDataProvider.h"
 
 using namespace android;
 using namespace std;
-using ::content::pm::Signature;
-using ::security::keymaster::KeyAttestationPackageInfo;
+using ::android::security::keystore::KeyAttestationPackageInfo;
+using ::android::security::keystore::Signature;
 
 constexpr size_t kSignatureSizeMin = 1;
 constexpr size_t kSignatureSizeMax = 1000;
@@ -38,7 +38,7 @@
 struct PackageInfoData {
     string packageName;
     int64_t versionCode;
-    KeyAttestationPackageInfo::SharedSignaturesVector sharedSignaturesVector;
+    std::shared_ptr<std::vector<Signature>> sharedSignaturesVector;
 };
 
 inline void invokeReadWriteParcel(Parcelable* obj) {
@@ -60,18 +60,20 @@
     packageInfoData.versionCode = fdp->ConsumeIntegral<int64_t>();
     size_t signatureVectorSize =
         fdp->ConsumeIntegralInRange(kSignatureVectorSizeMin, kSignatureVectorSizeMax);
-    KeyAttestationPackageInfo::SignaturesVector signatureVector;
+    std::vector<Signature> signatureVector;
     for (size_t size = 0; size < signatureVectorSize; ++size) {
         bool shouldUseParameterizedConstructor = fdp->ConsumeBool();
         if (shouldUseParameterizedConstructor) {
             vector<uint8_t> signatureData = initSignatureData(fdp);
-            signatureVector.push_back(make_optional<Signature>(signatureData));
+            auto sign = Signature();
+            sign.data = signatureData;
+            signatureVector.push_back(std::move(sign));
         } else {
-            signatureVector.push_back(std::nullopt);
+            signatureVector.push_back(Signature());
         }
     }
     packageInfoData.sharedSignaturesVector =
-        make_shared<KeyAttestationPackageInfo::SignaturesVector>(std::move(signatureVector));
+        make_shared<std::vector<Signature>>(std::move(signatureVector));
     return packageInfoData;
 }
 #endif  // KEYSTORECOMMON_H

keystore/tests/fuzzer/keystorePackageInfo_fuzzer.cpp

diff --git a/keystore/tests/fuzzer/keystorePackageInfo_fuzzer.cpp b/keystore/tests/fuzzer/keystorePackageInfo_fuzzer.cpp
index 63899ff..f1e4204 100644
--- a/keystore/tests/fuzzer/keystorePackageInfo_fuzzer.cpp
+++ b/keystore/tests/fuzzer/keystorePackageInfo_fuzzer.cpp
@@ -28,9 +28,12 @@
 
 void KeystorePackageInfoFuzzer::invokePackageInfo() {
     auto packageInfoData = initPackageInfoData(mFdp.get());
-    KeyAttestationPackageInfo packageInfo(String16((packageInfoData.packageName).c_str()),
-                                          packageInfoData.versionCode,
-                                          packageInfoData.sharedSignaturesVector);
+    auto packageInfo = KeyAttestationPackageInfo();
+    packageInfo.packageName = String16((packageInfoData.packageName).c_str());
+    packageInfo.versionCode = packageInfoData.versionCode;
+    std::move(packageInfoData.sharedSignaturesVector->begin(),
+              packageInfoData.sharedSignaturesVector->end(),
+              std::back_inserter(packageInfo.signatures));
     invokeReadWriteParcel(&packageInfo);
 }
 

keystore/tests/fuzzer/keystoreSignature_fuzzer.cpp

diff --git a/keystore/tests/fuzzer/keystoreSignature_fuzzer.cpp b/keystore/tests/fuzzer/keystoreSignature_fuzzer.cpp
index b8f8a73..aab1f25 100644
--- a/keystore/tests/fuzzer/keystoreSignature_fuzzer.cpp
+++ b/keystore/tests/fuzzer/keystoreSignature_fuzzer.cpp
@@ -14,7 +14,9 @@
  * limitations under the License.
  */
 #include "keystoreCommon.h"
-#include <keystore/Signature.h>
+#include <android/security/keystore/Signature.h>
+
+using ::android::security::keystore::Signature;
 
 class KeystoreSignatureFuzzer {
   public:
@@ -27,15 +29,15 @@
 };
 
 void KeystoreSignatureFuzzer::invokeSignature() {
-    std::optional<Signature> signature;
+    Signature signature;
     bool shouldUseParameterizedConstructor = mFdp->ConsumeBool();
     if (shouldUseParameterizedConstructor) {
         std::vector<uint8_t> signatureData = initSignatureData(mFdp.get());
-        signature = Signature(signatureData);
+        signature.data = signatureData;
     } else {
         signature = Signature();
     }
-    invokeReadWriteParcel(&signature.value());
+    invokeReadWriteParcel(&signature);
 }
 
 void KeystoreSignatureFuzzer::process(const uint8_t* data, size_t size) {