Add support for RKP to credstore
Call out to keystore and request remotely provisioned attestation keys.
This reduces our dependence on factory-provisioned attestation keys.
Test: CtsIdentityTestCases
Bug: 194696876
Change-Id: Ief07750ef6b2a465060c64207063568b9a51af68
diff --git a/identity/CredentialStore.h b/identity/CredentialStore.h
index f2aa506..df7928e 100644
--- a/identity/CredentialStore.h
+++ b/identity/CredentialStore.h
@@ -21,8 +21,8 @@
#include <vector>
#include <android/hardware/identity/IIdentityCredentialStore.h>
-
#include <android/security/identity/BnCredentialStore.h>
+#include <android/security/remoteprovisioning/IRemotelyProvisionedKeyPool.h>
namespace android {
namespace security {
@@ -38,6 +38,8 @@
using ::android::hardware::identity::HardwareInformation;
using ::android::hardware::identity::IIdentityCredentialStore;
using ::android::hardware::identity::IPresentationSession;
+using ::android::hardware::identity::IWritableIdentityCredential;
+using ::android::security::remoteprovisioning::IRemotelyProvisionedKeyPool;
class CredentialStore : public BnCredentialStore {
public:
@@ -64,11 +66,15 @@
Status createPresentationSession(int32_t cipherSuite, sp<ISession>* _aidl_return) override;
private:
+ Status setRemotelyProvisionedAttestationKey(IWritableIdentityCredential* halWritableCredential);
+
string dataPath_;
sp<IIdentityCredentialStore> hal_;
int halApiVersion_;
+ sp<IRemotelyProvisionedKeyPool> keyPool_;
+
HardwareInformation hwInfo_;
};
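Review bot: The new private `setRemotelyProvisionedAttestationKey(IWritableIdentityCredential* halWritableCredential)` declaration and the `keyPool_` member have no comment saying what happens when no remotely provisioned key can be obtained, which is the behaviour a security reviewer needs to see. The header does not show whether credential creation then fails or falls back to the factory-provisioned key, so put it on the declaration, e.g. `// Requests an attestation key from keyPool_ and sets it on halWritableCredential; returns a non-ok Status if no key is available.`, adjusted to what the implementation really does. The raw pointer parameter should also be documented as non-owning and non-null, or be taken as `const sp<IWritableIdentityCredential>&` to match the `sp<>` members beside it. `keyPool_` would benefit from a line such as `// May be null when remote key provisioning is not in use; check before dereferencing.` if that is the case. The class body begins outside this hunk and the implementation file is not shown, so these points are inferred from the declarations alone.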