Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / f2a28671b0dd117d92f480fba3c75375edb34a5d^! / . / identity / WritableCredential.cpp
commitf2a28671b0dd117d92f480fba3c75375edb34a5d[log] [tgz]
authorDavid Zeuthen <zeuthen@google.com>Thu Jan 30 16:20:07 2020 -0500
committerDavid Zeuthen <zeuthen@google.com>Fri Jan 31 16:23:30 2020 -0500
tree9c83505e240dda4f2c38a5607b7ad67bb538eff3
parent662e346347345b90298ba73a90749ed29c03c854 [diff] [blame]
Factor keystore_attestation_id into library and also use this in credstore.

This was needed because credstore needs to generate and pass the
generated AttestationApplicationId to the Identity Credential HAL.

Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityCredentialTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: Id22b85ca083e23c7e1fbd3459910fba37a5db137

diff --git a/identity/WritableCredential.cpp b/identity/WritableCredential.cpp
index f58ec16..86c604d 100644
--- a/identity/WritableCredential.cpp
+++ b/identity/WritableCredential.cpp

@@ -17,15 +17,12 @@
 #define LOG_TAG "WritableCredential"
 
 #include <android-base/logging.h>
-
 #include <android/hardware/identity/support/IdentityCredentialSupport.h>
-
 #include <android/security/identity/ICredentialStore.h>
-
 #include <binder/IPCThreadState.h>
-
 #include <cppbor.h>
 #include <cppbor_parse.h>
+#include <keystore/keystore_attestation_id.h>
 
 #include "CredentialData.h"
 #include "Util.h"
@@ -60,11 +57,23 @@
         return Status::ok();
     }
 
+    const int32_t callingUid = IPCThreadState::self()->getCallingUid();
+    auto asn1AttestationId = android::security::gather_attestation_application_id(callingUid);
+    if (!asn1AttestationId.isOk()) {
+        LOG(ERROR) << "Failed gathering AttestionApplicationId";
+        return Status::fromServiceSpecificError(ICredentialStore::ERROR_GENERIC,
+                                                "Failed gathering AttestionApplicationId");
+    }
+
     Result result;
     halBinder_->getAttestationCertificate(
-        challenge, [&](const Result& _result, const hidl_vec<uint8_t>& _attestationCertificate) {
+        asn1AttestationId.value(), challenge,
+        [&](const Result& _result, const hidl_vec<hidl_vec<uint8_t>>& _splitCerts) {
             result = _result;
-            attestationCertificate = _attestationCertificate;
+            vector<vector<uint8_t>> splitCerts;
+            std::copy(_splitCerts.begin(), _splitCerts.end(), std::back_inserter(splitCerts));
+            attestationCertificate =
+                ::android::hardware::identity::support::certificateChainJoin(splitCerts);
         });
     if (result.code != ResultCode::OK) {
         LOG(ERROR) << "Error calling getAttestationCertificate()";