Restructuring of AAID using aidl_interface build system.
Making changes to use cpp backend generated by aidl_interface
build system for KeyAttestationApplicationProvider.
Removed custom parcelables defined for AAID.
Updated the tests to use the aidl_interface generated bindings.
Bug: 267452060
Test: atest android.keystore.cts.KeyAttestationTest; atest
keystore_unit_tests; keystoreSignature_fuzzer;
keystorePackageInfo_fuzzer; keystoreApplicationId_fuzzer;
keystoreAttestationId_fuzzer
Change-Id: Ibdfb8e2837538d01a04b6771b1a71c38529d1307
diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
index 8eade97..1534be1 100644
--- a/keystore/keystore_attestation_id.cpp
+++ b/keystore/keystore_attestation_id.cpp
@@ -29,11 +29,11 @@
#include <binder/Parcelable.h>
#include <binder/PersistableBundle.h>
-#include <android/security/keymaster/BpKeyAttestationApplicationIdProvider.h>
-#include <android/security/keymaster/IKeyAttestationApplicationIdProvider.h>
-#include <keystore/KeyAttestationApplicationId.h>
-#include <keystore/KeyAttestationPackageInfo.h>
-#include <keystore/Signature.h>
+#include <android/security/keystore/BpKeyAttestationApplicationIdProvider.h>
+#include <android/security/keystore/IKeyAttestationApplicationIdProvider.h>
+#include <android/security/keystore/KeyAttestationApplicationId.h>
+#include <android/security/keystore/KeyAttestationPackageInfo.h>
+#include <android/security/keystore/Signature.h>
#include <private/android_filesystem_config.h> /* for AID_SYSTEM */
@@ -50,13 +50,13 @@
constexpr const char* kAttestationSystemPackageName = "AndroidSystem";
constexpr const char* kUnknownPackageName = "UnknownPackage";
-std::vector<uint8_t> signature2SHA256(const content::pm::Signature& sig) {
+std::vector<uint8_t> signature2SHA256(const security::keystore::Signature& sig) {
std::vector<uint8_t> digest_buffer(SHA256_DIGEST_LENGTH);
- SHA256(sig.data().data(), sig.data().size(), digest_buffer.data());
+ SHA256(sig.data.data(), sig.data.size(), digest_buffer.data());
return digest_buffer;
}
-using ::android::security::keymaster::BpKeyAttestationApplicationIdProvider;
+using ::android::security::keystore::BpKeyAttestationApplicationIdProvider;
class KeyAttestationApplicationIdProvider : public BpKeyAttestationApplicationIdProvider {
public:
@@ -141,8 +141,8 @@
namespace security {
namespace {
-using ::android::security::keymaster::KeyAttestationApplicationId;
-using ::android::security::keymaster::KeyAttestationPackageInfo;
+using ::android::security::keystore::KeyAttestationApplicationId;
+using ::android::security::keystore::KeyAttestationPackageInfo;
status_t build_attestation_package_info(const KeyAttestationPackageInfo& pinfo,
std::unique_ptr<KM_ATTESTATION_PACKAGE_INFO>* attestation_package_info_ptr) {
@@ -153,12 +153,12 @@
attestation_package_info.reset(KM_ATTESTATION_PACKAGE_INFO_new());
if (!attestation_package_info.get()) return NO_MEMORY;
- if (!pinfo.package_name()) {
+ if (!pinfo.packageName) {
ALOGE("Key attestation package info lacks package name");
return BAD_VALUE;
}
- std::string pkg_name(String8(*pinfo.package_name()).c_str());
+ std::string pkg_name(String8(pinfo.packageName).c_str());
if (!ASN1_OCTET_STRING_set(attestation_package_info->package_name,
reinterpret_cast<const unsigned char*>(pkg_name.data()),
pkg_name.size())) {
@@ -169,7 +169,7 @@
if (bn_version == nullptr) {
return NO_MEMORY;
}
- if (BN_set_u64(bn_version, static_cast<uint64_t>(pinfo.version_code())) != 1) {
+ if (BN_set_u64(bn_version, static_cast<uint64_t>(pinfo.versionCode)) != 1) {
BN_free(bn_version);
return UNKNOWN_ERROR;
}
@@ -201,15 +201,16 @@
auto attestation_pinfo_stack = reinterpret_cast<_STACK*>(attestation_id->package_infos);
- if (key_attestation_id.pinfos_begin() == key_attestation_id.pinfos_end()) return BAD_VALUE;
+ if (key_attestation_id.packageInfos.begin() == key_attestation_id.packageInfos.end())
+ return BAD_VALUE;
- for (auto pinfo = key_attestation_id.pinfos_begin(); pinfo != key_attestation_id.pinfos_end();
- ++pinfo) {
- if (!pinfo->package_name()) {
+ for (auto pinfo = key_attestation_id.packageInfos.begin();
+ pinfo != key_attestation_id.packageInfos.end(); ++pinfo) {
+ if (!pinfo->packageName) {
ALOGE("Key attestation package info lacks package name");
return BAD_VALUE;
}
- std::string package_name(String8(*pinfo->package_name()).c_str());
+ std::string package_name(String8(pinfo->packageName).c_str());
std::unique_ptr<KM_ATTESTATION_PACKAGE_INFO> attestation_package_info;
auto rc = build_attestation_package_info(*pinfo, &attestation_package_info);
if (rc != NO_ERROR) {
@@ -231,10 +232,10 @@
* signature field actually holds the signing certificate, rather than a signature, we can
* simply use the set of signature digests of the first package info.
*/
- const auto& pinfo = *key_attestation_id.pinfos_begin();
+ const auto& pinfo = *key_attestation_id.packageInfos.begin();
std::vector<std::vector<uint8_t>> signature_digests;
- for (auto sig = pinfo.sigs_begin(); sig != pinfo.sigs_end(); ++sig) {
+ for (auto sig = pinfo.signatures.begin(); sig != pinfo.signatures.end(); ++sig) {
signature_digests.push_back(signature2SHA256(*sig));
}
@@ -271,10 +272,10 @@
if (uid == AID_SYSTEM) {
/* Use a fixed ID for system callers */
- auto pinfo = std::make_optional<KeyAttestationPackageInfo>(
- String16(kAttestationSystemPackageName), 1 /* version code */,
- std::make_shared<KeyAttestationPackageInfo::SignaturesVector>());
- key_attestation_id = KeyAttestationApplicationId(std::move(pinfo));
+ auto pinfo = KeyAttestationPackageInfo();
+ pinfo.packageName = String16(kAttestationSystemPackageName);
+ pinfo.versionCode = 1;
+ key_attestation_id.packageInfos.push_back(std::move(pinfo));
} else {
/* Get the attestation application ID from package manager */
auto& pm = KeyAttestationApplicationIdProvider::get();
@@ -284,10 +285,11 @@
if (!status.isOk()) {
ALOGW("package manager request for key attestation ID failed with: %s %d",
status.exceptionMessage().c_str(), status.exceptionCode());
- auto pinfo = std::make_optional<KeyAttestationPackageInfo>(
- String16(kUnknownPackageName), 1 /* version code */,
- std::make_shared<KeyAttestationPackageInfo::SignaturesVector>());
- key_attestation_id = KeyAttestationApplicationId(std::move(pinfo));
+
+ auto pinfo = KeyAttestationPackageInfo();
+ pinfo.packageName = String16(kUnknownPackageName);
+ pinfo.versionCode = 1;
+ key_attestation_id.packageInfos.push_back(std::move(pinfo));
}
}