Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / a6f9fba382f9ca6c9346494b850bce7aeba9c5f5^! / . / identity / CredentialData.cpp
commita6f9fba382f9ca6c9346494b850bce7aeba9c5f5[log] [tgz]
authorDavid Zeuthen <zeuthen@google.com>Tue Feb 11 22:08:27 2020 -0500
committerDavid Zeuthen <zeuthen@google.com>Fri Feb 14 13:41:52 2020 -0500
tree933cf47f9341aa3314fc59e37041e83c7eb85293
parentc0ef4595c81db55ba45aa969a520c286ab35f1e5 [diff] [blame]
Port credstore to IdentityCredential AIDL.

Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I338b35f57f2bb7345c3f8f0c608c7a6213a0dc6b

diff --git a/identity/CredentialData.cpp b/identity/CredentialData.cpp
index 99dd04b..b4e6641 100644
--- a/identity/CredentialData.cpp
+++ b/identity/CredentialData.cpp

@@ -37,8 +37,6 @@
 namespace security {
 namespace identity {
 
-using android::hardware::identity::V1_0::Result;
-using android::hardware::identity::V1_0::ResultCode;
 using std::optional;
 
 string CredentialData::calculateCredentialFileName(const string& dataPath, uid_t ownerUid,
@@ -88,7 +86,7 @@
     for (const SecureAccessControlProfile& sacp : secureAccessControlProfiles_) {
         cppbor::Array array;
         array.add(sacp.id);
-        array.add((const vector<uint8_t>&)sacp.readerCertificate);
+        array.add(sacp.readerCertificate.encodedCertificate);
         array.add(sacp.userAuthenticationRequired);
         array.add(sacp.timeoutMillis);
         array.add(sacp.secureUserId);
@@ -107,7 +105,7 @@
         cppbor::Array entryDataArray;
         entryDataArray.add(entryData.size);
         cppbor::Array idsArray;
-        for (uint16_t id : entryData.accessControlProfileIds) {
+        for (int32_t id : entryData.accessControlProfileIds) {
             idsArray.add(id);
         }
         entryDataArray.add(std::move(idsArray));
@@ -159,7 +157,7 @@
     }
     SecureAccessControlProfile sacp;
     sacp.id = itemId->value();
-    sacp.readerCertificate = itemReaderCertificate->value();
+    sacp.readerCertificate.encodedCertificate = itemReaderCertificate->value();
     sacp.userAuthenticationRequired = itemUserAuthenticationRequired->value();
     sacp.timeoutMillis = itemTimeoutMillis->value();
     sacp.secureUserId = itesecureUserId_->value();
@@ -195,14 +193,14 @@
     return authKeyData;
 }
 
-vector<uint16_t> parseAccessControlProfileIds(const cppbor::Item& item) {
+vector<int32_t> parseAccessControlProfileIds(const cppbor::Item& item) {
     const cppbor::Array* array = item.asArray();
     if (array == nullptr) {
         LOG(ERROR) << "The accessControlProfileIds member is not an array";
         return {};
     }
 
-    vector<uint16_t> accessControlProfileIds;
+    vector<int32_t> accessControlProfileIds;
     for (size_t n = 0; n < array->size(); n++) {
         const cppbor::Int* itemInt = ((*array)[n])->asInt();
         if (itemInt == nullptr) {
@@ -336,7 +334,7 @@
                 }
                 uint64_t entrySize = ecEntrySizeItem->value();
 
-                optional<vector<uint16_t>> accessControlProfileIds =
+                optional<vector<int32_t>> accessControlProfileIds =
                     parseAccessControlProfileIds(*(*ecEntryArrayItem)[1]);
                 if (!accessControlProfileIds) {
                     LOG(ERROR) << "Error parsing access control profile ids";
@@ -391,8 +389,13 @@
         }
     }
 
-    if (credentialData_.size() == 0 || attestationCertificate_.size() == 0) {
-        LOG(ERROR) << "Missing credentialData or attestationCertificate";
+    if (credentialData_.size() == 0) {
+        LOG(ERROR) << "Missing credentialData";
+        return false;
+    }
+
+    if (attestationCertificate_.size() == 0) {
+        LOG(ERROR) << "Missing attestationCertificate";
         return false;
     }
 
@@ -511,8 +514,8 @@
     return candidate;
 }
 
-optional<vector<vector<uint8_t>>> CredentialData::getAuthKeysNeedingCertification(
-    const sp<android::hardware::identity::V1_0::IIdentityCredential>& halBinder) {
+optional<vector<vector<uint8_t>>>
+CredentialData::getAuthKeysNeedingCertification(const sp<IIdentityCredential>& halBinder) {
 
     vector<vector<uint8_t>> keysNeedingCert;
 
@@ -520,22 +523,14 @@
         bool newKeyNeeded = (data.certificate.size() == 0) || (data.useCount >= maxUsesPerKey_);
         bool certificationPending = (data.pendingCertificate.size() > 0);
         if (newKeyNeeded && !certificationPending) {
-            Result result;
             vector<uint8_t> signingKeyBlob;
-            vector<uint8_t> signingKeyCertificate;
-            halBinder->generateSigningKeyPair(
-                [&](const Result& _result,
-                    const android::hardware::hidl_vec<uint8_t> _signingKeyBlob,
-                    const android::hardware::hidl_vec<uint8_t> _signingKeyCertificate) {
-                    result = _result;
-                    signingKeyBlob = _signingKeyBlob;
-                    signingKeyCertificate = _signingKeyCertificate;
-                });
-            if (result.code != ResultCode::OK) {
+            Certificate signingKeyCertificate;
+            if (!halBinder->generateSigningKeyPair(&signingKeyBlob, &signingKeyCertificate)
+                     .isOk()) {
                 LOG(ERROR) << "Error generating signing key-pair";
                 return {};
             }
-            data.pendingCertificate = signingKeyCertificate;
+            data.pendingCertificate = signingKeyCertificate.encodedCertificate;
             data.pendingKeyBlob = signingKeyBlob;
             certificationPending = true;
         }