Factor keystore_attestation_id into library and also use this in credstore.
This was needed because credstore needs to generate and pass the
generated AttestationApplicationId to the Identity Credential HAL.
Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityCredentialTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: Id22b85ca083e23c7e1fbd3459910fba37a5db137
diff --git a/identity/Android.bp b/identity/Android.bp
index 240e107..ad9bd72 100644
--- a/identity/Android.bp
+++ b/identity/Android.bp
@@ -37,6 +37,7 @@
"libhidlbase",
"android.hardware.identity-support-lib",
"libkeymaster4support",
+ "libkeystore-attestation-application-id",
],
static_libs: [
"libcppbor",
diff --git a/identity/WritableCredential.cpp b/identity/WritableCredential.cpp
index f58ec16..86c604d 100644
--- a/identity/WritableCredential.cpp
+++ b/identity/WritableCredential.cpp
@@ -17,15 +17,12 @@
#define LOG_TAG "WritableCredential"
#include <android-base/logging.h>
-
#include <android/hardware/identity/support/IdentityCredentialSupport.h>
-
#include <android/security/identity/ICredentialStore.h>
-
#include <binder/IPCThreadState.h>
-
#include <cppbor.h>
#include <cppbor_parse.h>
+#include <keystore/keystore_attestation_id.h>
#include "CredentialData.h"
#include "Util.h"
@@ -60,11 +57,23 @@
return Status::ok();
}
+ const int32_t callingUid = IPCThreadState::self()->getCallingUid();
+ auto asn1AttestationId = android::security::gather_attestation_application_id(callingUid);
+ if (!asn1AttestationId.isOk()) {
+ LOG(ERROR) << "Failed gathering AttestionApplicationId";
+ return Status::fromServiceSpecificError(ICredentialStore::ERROR_GENERIC,
+ "Failed gathering AttestionApplicationId");
+ }
+
Result result;
halBinder_->getAttestationCertificate(
- challenge, [&](const Result& _result, const hidl_vec<uint8_t>& _attestationCertificate) {
+ asn1AttestationId.value(), challenge,
+ [&](const Result& _result, const hidl_vec<hidl_vec<uint8_t>>& _splitCerts) {
result = _result;
- attestationCertificate = _attestationCertificate;
+ vector<vector<uint8_t>> splitCerts;
+ std::copy(_splitCerts.begin(), _splitCerts.end(), std::back_inserter(splitCerts));
+ attestationCertificate =
+ ::android::hardware::identity::support::certificateChainJoin(splitCerts);
});
if (result.code != ResultCode::OK) {
LOG(ERROR) << "Error calling getAttestationCertificate()";
diff --git a/keystore/Android.bp b/keystore/Android.bp
index f3a7531..c0aeeda 100644
--- a/keystore/Android.bp
+++ b/keystore/Android.bp
@@ -29,7 +29,6 @@
defaults: ["keystore_defaults"],
srcs: [
- ":IKeyAttestationApplicationIdProvider.aidl",
"KeyStore.cpp",
"auth_token_table.cpp",
"blob.cpp",
@@ -41,7 +40,6 @@
"keyblob_utils.cpp",
"keymaster_enforcement.cpp",
"keymaster_worker.cpp",
- "keystore_attestation_id.cpp",
"keystore_main.cpp",
"keystore_utils.cpp",
"legacy_keymaster_device_wrapper.cpp",
@@ -64,6 +62,7 @@
"libkeymaster4support",
"libkeymaster_messages",
"libkeymaster_portable",
+ "libkeystore-attestation-application-id",
"libkeystore_aidl",
"libkeystore_binder",
"libkeystore_parcelables",
@@ -144,13 +143,10 @@
defaults: ["keystore_defaults"],
export_include_dirs: ["include"],
srcs: [
- "KeyAttestationApplicationId.cpp",
- "KeyAttestationPackageInfo.cpp",
"KeymasterArguments.cpp",
"keystore_aidl_hidl_marshalling_utils.cpp",
"KeystoreResponse.cpp",
"OperationResult.cpp",
- "Signature.cpp",
],
shared_libs: [
"android.hardware.keymaster@4.0",
@@ -161,6 +157,7 @@
"liblog",
"libprotobuf-cpp-lite",
"libutils",
+ "libkeystore-attestation-application-id",
],
export_shared_lib_headers: [
"android.hardware.keymaster@4.0",
@@ -210,6 +207,31 @@
],
}
+// Library used by both keystore and credstore for generating the ASN.1 stored
+// in Tag::ATTESTATION_APPLICATION_ID
+cc_library_shared {
+ name: "libkeystore-attestation-application-id",
+ defaults: ["keystore_defaults"],
+
+ srcs: [
+ ":IKeyAttestationApplicationIdProvider.aidl",
+ "keystore_attestation_id.cpp",
+ "KeyAttestationApplicationId.cpp",
+ "KeyAttestationPackageInfo.cpp",
+ "Signature.cpp",
+ ],
+ shared_libs: [
+ "libbase",
+ "libbinder",
+ "libhidlbase",
+ "liblog",
+ "libutils",
+ "libcrypto",
+ ],
+
+ export_include_dirs: ["include"],
+}
+
// Library for keystore clients using the WiFi HIDL interface
cc_library_shared {
name: "libkeystore-wifi-hidl",
@@ -235,13 +257,8 @@
defaults: ["keystore_defaults"],
srcs: [
- ":IKeyAttestationApplicationIdProvider.aidl",
"auth_token_table.cpp",
"blob.cpp",
- "keystore_attestation_id.cpp",
- "KeyAttestationApplicationId.cpp",
- "KeyAttestationPackageInfo.cpp",
- "Signature.cpp",
],
cflags: [ "-O0", ],
static_libs: ["libgtest_main"],
@@ -251,6 +268,7 @@
"libcrypto",
"libhidlbase",
"libkeymaster4support",
+ "libkeystore-attestation-application-id",
"libutils",
"libkeystore_aidl",
"libkeystore_parcelables",
diff --git a/keystore/keystore_attestation_id.h b/keystore/include/keystore/keystore_attestation_id.h
similarity index 98%
rename from keystore/keystore_attestation_id.h
rename to keystore/include/keystore/keystore_attestation_id.h
index 63015ee..238f4b1 100644
--- a/keystore/keystore_attestation_id.h
+++ b/keystore/include/keystore/keystore_attestation_id.h
@@ -51,7 +51,7 @@
::android::status_t status() const { return _status; }
- const T& value() const & { return _value; }
+ const T& value() const& { return _value; }
T& value() & { return _value; }
T&& value() && { return std::move(_value); }
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 5bc5a78..01489d9 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -42,9 +42,9 @@
#include "defaults.h"
#include "key_proto_handler.h"
-#include "keystore_attestation_id.h"
#include "keystore_keymaster_enforcement.h"
#include "keystore_utils.h"
+#include <keystore/keystore_attestation_id.h>
#include <keystore/keystore_hidl_support.h>
#include <keystore/keystore_return_types.h>
diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
index b48639f..3d9e87e 100644
--- a/keystore/keystore_attestation_id.cpp
+++ b/keystore/keystore_attestation_id.cpp
@@ -13,7 +13,8 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-#include "keystore_attestation_id.h"
+
+#include <keystore/keystore_attestation_id.h>
#define LOG_TAG "keystore_att_id"
diff --git a/keystore/tests/Android.bp b/keystore/tests/Android.bp
index bbcc1c2..edeb8e5 100644
--- a/keystore/tests/Android.bp
+++ b/keystore/tests/Android.bp
@@ -31,6 +31,7 @@
shared_libs: [
"libbinder",
"libkeymaster_messages",
+ "libkeystore-attestation-application-id",
"libvndksupport",
],
sanitize: {
diff --git a/keystore/tests/aaid_truncation_test.cpp b/keystore/tests/aaid_truncation_test.cpp
index e5d5e9f..45c54df 100644
--- a/keystore/tests/aaid_truncation_test.cpp
+++ b/keystore/tests/aaid_truncation_test.cpp
@@ -19,8 +19,8 @@
#include <string>
#include <utils/String16.h>
-#include "../keystore_attestation_id.h"
#include <keymaster/logger.h>
+#include <keystore/keystore_attestation_id.h>
#include <keystore/KeyAttestationApplicationId.h>
#include <keystore/KeyAttestationPackageInfo.h>