Port credstore to IdentityCredential AIDL.
Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I338b35f57f2bb7345c3f8f0c608c7a6213a0dc6b
diff --git a/identity/CredentialStore.cpp b/identity/CredentialStore.cpp
index b13a7b0..e3a825b 100644
--- a/identity/CredentialStore.cpp
+++ b/identity/CredentialStore.cpp
@@ -23,6 +23,7 @@
#include <binder/IPCThreadState.h>
#include "Credential.h"
+#include "CredentialData.h"
#include "CredentialStore.h"
#include "Util.h"
#include "WritableCredential.h"
@@ -31,39 +32,20 @@
namespace security {
namespace identity {
-using ::android::hardware::hidl_string;
-using ::android::hardware::hidl_vec;
-using ::android::hardware::identity::V1_0::Result;
-using ::android::hardware::identity::V1_0::ResultCode;
-
-using ::android::hardware::identity::V1_0::IWritableIdentityCredential;
-
CredentialStore::CredentialStore(const std::string& dataPath, sp<IIdentityCredentialStore> hal)
: dataPath_(dataPath), hal_(hal) {}
bool CredentialStore::init() {
- Result result;
- hal_->getHardwareInformation([&](const Result& _result, const hidl_string& credentialStoreName,
- const hidl_string& credentialStoreAuthorName,
- uint32_t _dataChunkSize, bool _isDirectAccess,
- const hidl_vec<hidl_string>& _supportedDocTypes) {
- result = _result;
- dataChunkSize_ = _dataChunkSize;
- isDirectAccess_ = _isDirectAccess;
- supportedDocTypes_.clear();
- for (auto& docType : _supportedDocTypes) {
- supportedDocTypes_.push_back(docType);
- }
- LOG(INFO) << "Connected to Identity Credential HAL with name '" << credentialStoreName
- << "' authored by '" << credentialStoreAuthorName << "' with chunk size "
- << _dataChunkSize << " and directoAccess set to "
- << (_isDirectAccess ? "true" : "false");
- });
- if (result.code != ResultCode::OK) {
- LOG(ERROR) << "Error getting hardware information: " << (int)result.code << ": "
- << result.message;
+ Status status = hal_->getHardwareInformation(&hwInfo_);
+ if (!status.isOk()) {
+ LOG(ERROR) << "Error getting hardware information: " << status.toString8();
return false;
}
+
+ LOG(INFO) << "Connected to Identity Credential HAL with name '" << hwInfo_.credentialStoreName
+ << "' authored by '" << hwInfo_.credentialStoreAuthorName << "' with chunk size "
+ << hwInfo_.dataChunkSize << " and directoAccess set to "
+ << (hwInfo_.isDirectAccess ? "true" : "false");
return true;
}
@@ -71,8 +53,8 @@
Status CredentialStore::getSecurityHardwareInfo(SecurityHardwareInfoParcel* _aidl_return) {
SecurityHardwareInfoParcel info;
- info.directAccess = isDirectAccess_;
- info.supportedDocTypes = supportedDocTypes_;
+ info.directAccess = hwInfo_.isDirectAccess;
+ info.supportedDocTypes = hwInfo_.supportedDocTypes;
*_aidl_return = info;
return Status::ok();
};
@@ -92,37 +74,26 @@
"Credential with given name already exists");
}
- if (supportedDocTypes_.size() > 0) {
- if (std::find(supportedDocTypes_.begin(), supportedDocTypes_.end(), docType) ==
- supportedDocTypes_.end()) {
+ if (hwInfo_.supportedDocTypes.size() > 0) {
+ if (std::find(hwInfo_.supportedDocTypes.begin(), hwInfo_.supportedDocTypes.end(),
+ docType) == hwInfo_.supportedDocTypes.end()) {
return Status::fromServiceSpecificError(ERROR_DOCUMENT_TYPE_NOT_SUPPORTED,
"No support for given document type");
}
}
- Result result;
sp<IWritableIdentityCredential> halWritableCredential;
- hal_->createCredential(
- docType, false,
- [&](const Result& _result, const sp<IWritableIdentityCredential>& _halWritableCredential) {
- result = _result;
- halWritableCredential = _halWritableCredential;
- });
- if (result.code != ResultCode::OK) {
- return halResultToGenericError(result);
+ Status status = hal_->createCredential(docType, false, &halWritableCredential);
+ if (!status.isOk()) {
+ return halStatusToGenericError(status);
}
sp<IWritableCredential> writableCredential = new WritableCredential(
- dataPath_, credentialName, docType, dataChunkSize_, halWritableCredential);
+ dataPath_, credentialName, docType, hwInfo_.dataChunkSize, halWritableCredential);
*_aidl_return = writableCredential;
return Status::ok();
}
-// Keep in sync with IdentityCredentialStore.java
-//
-
-const int CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256 = 1;
-
Status CredentialStore::getCredentialByName(const std::string& credentialName, int32_t cipherSuite,
sp<ICredential>* _aidl_return) {
*_aidl_return = nullptr;
@@ -139,13 +110,9 @@
"Credential with given name doesn't exist");
}
- // We only support a single cipher-suite right now.
- if (cipherSuite != CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256) {
- return Status::fromServiceSpecificError(ERROR_CIPHER_SUITE_NOT_SUPPORTED,
- "Cipher suite not supported");
- }
-
- sp<Credential> credential = new Credential(dataPath_, credentialName);
+ // Note: IdentityCredentialStore.java's CipherSuite enumeration and CipherSuite from the
+ // HAL is manually kept in sync. So this cast is safe.
+ sp<Credential> credential = new Credential(CipherSuite(cipherSuite), dataPath_, credentialName);
Status loadStatus = credential->loadCredential(hal_);
if (!loadStatus.isOk()) {