identity/Session.cpp - android_system_security - Gitiles

 /*
  * Copyright (c) 2021, The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #define LOG_TAG "credstore"

 #include <android-base/logging.h>
 #include <android/binder_manager.h>
 #include <android/hardware/identity/support/IdentityCredentialSupport.h>

 #include <android/security/identity/ICredentialStore.h>
 #include <android/security/identity/ISession.h>

 #include "Session.h"
 #include "Util.h"

 namespace android {
 namespace security {
 namespace identity {

 using std::optional;

 using ::android::hardware::identity::IPresentationSession;
 using ::android::hardware::identity::IWritableIdentityCredential;

 using ::android::hardware::identity::support::ecKeyPairGetPkcs12;
 using ::android::hardware::identity::support::ecKeyPairGetPrivateKey;
 using ::android::hardware::identity::support::ecKeyPairGetPublicKey;
 using ::android::hardware::identity::support::hexdump;
 using ::android::hardware::identity::support::sha256;

 Status Session::getEphemeralKeyPair(vector<uint8_t>* _aidl_return) {
     vector<uint8_t> keyPair;
     Status status = halBinder_->getEphemeralKeyPair(&keyPair);
     if (!status.isOk()) {
         return halStatusToGenericError(status);
     }
     time_t nowSeconds = std::chrono::system_clock::to_time_t(std::chrono::system_clock::now());
     time_t validityNotBefore = nowSeconds;
     time_t validityNotAfter = nowSeconds + 24 * 60 * 60;
     optional<vector<uint8_t>> pkcs12Bytes = ecKeyPairGetPkcs12(keyPair,
                                                                "ephemeralKey",  // Alias for key
                                                                "0",  // Serial, as a decimal number
                                                                "Credstore",      // Issuer
                                                                "Ephemeral Key",  // Subject
                                                                validityNotBefore, validityNotAfter);
     if (!pkcs12Bytes) {
         return Status::fromServiceSpecificError(ICredentialStore::ERROR_GENERIC,
                                                 "Error creating PKCS#12 structure for key pair");
     }
     *_aidl_return = pkcs12Bytes.value();
     return Status::ok();
 }

 Status Session::setReaderEphemeralPublicKey(const vector<uint8_t>& publicKey) {
     Status status = halBinder_->setReaderEphemeralPublicKey(publicKey);
     if (!status.isOk()) {
         return halStatusToGenericError(status);
     }
     return Status::ok();
 }

 Status Session::setSessionTranscript(const vector<uint8_t>& sessionTranscript) {
     Status status = halBinder_->setSessionTranscript(sessionTranscript);
     if (!status.isOk()) {
         return halStatusToGenericError(status);
     }
     return Status::ok();
 }

 Status Session::getCredentialForPresentation(const string& credentialName,
                                              sp<ICredential>* _aidl_return) {
     return store_->getCredentialCommon(credentialName, cipherSuite_, halBinder_, _aidl_return);
 }

 Status Session::getAuthChallenge(int64_t* _aidl_return) {
     *_aidl_return = 0;
     int64_t authChallenge;
     Status status = halBinder_->getAuthChallenge(&authChallenge);
     if (!status.isOk()) {
         return halStatusToGenericError(status);
     }
     *_aidl_return = authChallenge;
     return Status::ok();
 }

 }  // namespace identity
 }  // namespace security
 }  // namespace android
	/*
	* Copyright (c) 2021, The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#define LOG_TAG "credstore"

	#include <android-base/logging.h>
	#include <android/binder_manager.h>
	#include <android/hardware/identity/support/IdentityCredentialSupport.h>

	#include <android/security/identity/ICredentialStore.h>
	#include <android/security/identity/ISession.h>

	#include "Session.h"
	#include "Util.h"

	namespace android {
	namespace security {
	namespace identity {

	using std::optional;

	using ::android::hardware::identity::IPresentationSession;
	using ::android::hardware::identity::IWritableIdentityCredential;

	using ::android::hardware::identity::support::ecKeyPairGetPkcs12;
	using ::android::hardware::identity::support::ecKeyPairGetPrivateKey;
	using ::android::hardware::identity::support::ecKeyPairGetPublicKey;
	using ::android::hardware::identity::support::hexdump;
	using ::android::hardware::identity::support::sha256;

	Status Session::getEphemeralKeyPair(vector<uint8_t>* _aidl_return) {
	vector<uint8_t> keyPair;
	Status status = halBinder_->getEphemeralKeyPair(&keyPair);
	if (!status.isOk()) {
	return halStatusToGenericError(status);
	}
	time_t nowSeconds = std::chrono::system_clock::to_time_t(std::chrono::system_clock::now());
	time_t validityNotBefore = nowSeconds;
	time_t validityNotAfter = nowSeconds + 24 * 60 * 60;
	optional<vector<uint8_t>> pkcs12Bytes = ecKeyPairGetPkcs12(keyPair,
	"ephemeralKey", // Alias for key
	"0", // Serial, as a decimal number
	"Credstore", // Issuer
	"Ephemeral Key", // Subject
	validityNotBefore, validityNotAfter);
	if (!pkcs12Bytes) {
	return Status::fromServiceSpecificError(ICredentialStore::ERROR_GENERIC,
	"Error creating PKCS#12 structure for key pair");
	}
	*_aidl_return = pkcs12Bytes.value();
	return Status::ok();
	}

	Status Session::setReaderEphemeralPublicKey(const vector<uint8_t>& publicKey) {
	Status status = halBinder_->setReaderEphemeralPublicKey(publicKey);
	if (!status.isOk()) {
	return halStatusToGenericError(status);
	}
	return Status::ok();
	}

	Status Session::setSessionTranscript(const vector<uint8_t>& sessionTranscript) {
	Status status = halBinder_->setSessionTranscript(sessionTranscript);
	if (!status.isOk()) {
	return halStatusToGenericError(status);
	}
	return Status::ok();
	}

	Status Session::getCredentialForPresentation(const string& credentialName,
	sp<ICredential>* _aidl_return) {
	return store_->getCredentialCommon(credentialName, cipherSuite_, halBinder_, _aidl_return);
	}

	Status Session::getAuthChallenge(int64_t* _aidl_return) {
	*_aidl_return = 0;
	int64_t authChallenge;
	Status status = halBinder_->getAuthChallenge(&authChallenge);
	if (!status.isOk()) {
	return halStatusToGenericError(status);
	}
	*_aidl_return = authChallenge;
	return Status::ok();
	}

	} // namespace identity
	} // namespace security
	} // namespace android