1 /*
2  * Copyright 2019, The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef ANDROID_HARDWARE_IDENTITY_IDENTITYCREDENTIAL_H
18 #define ANDROID_HARDWARE_IDENTITY_IDENTITYCREDENTIAL_H
19 
20 #include <aidl/android/hardware/identity/BnIdentityCredential.h>
21 #include <aidl/android/hardware/keymaster/HardwareAuthToken.h>
22 #include <aidl/android/hardware/keymaster/VerificationToken.h>
23 #include <android/hardware/identity/support/IdentityCredentialSupport.h>
24 
25 #include <map>
26 #include <set>
27 #include <string>
28 #include <vector>
29 
30 #include <cppbor/cppbor.h>
31 
32 namespace aidl::android::hardware::identity {
33 
34 using ::aidl::android::hardware::keymaster::HardwareAuthToken;
35 using ::aidl::android::hardware::keymaster::VerificationToken;
36 using ::std::map;
37 using ::std::set;
38 using ::std::string;
39 using ::std::vector;
40 
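// Implementation of the IIdentityCredential AIDL interface, derived from
// BnIdentityCredential.
//
// The object carries per-credential state that is filled in step by step by
// the interface calls below; the comments in the private section record which
// call sets which member. Every scalar member has a default member
// initializer so that no field holds an indeterminate value if a method is
// reached before the call that normally sets it.
//
// NOTE(review): the interface passes byte strings as vector<int8_t> while the
// members store vector<uint8_t>, so each setter has to convert; keep those
// conversions in one place so sizes are not mishandled.
class IdentityCredential : public BnIdentityCredential {
  public:
    // Stores a copy of credentialData. Nothing is parsed or decrypted here;
    // that happens in initialize().
    IdentityCredential(const vector<uint8_t>& credentialData)
        : credentialData_(credentialData) {}

    // Parses and decrypts credentialData_, returns a status code from
    // IIdentityCredentialStore. Must be called right after construction.
    //
    // Callers should check the returned status and discard the object on
    // failure: the members listed under "Set by initialize()" only have their
    // defaults until this call succeeds.
    int initialize();

    // Methods from IIdentityCredential follow.
    ndk::ScopedAStatus deleteCredential(vector<int8_t>* outProofOfDeletionSignature) override;
    ndk::ScopedAStatus createEphemeralKeyPair(vector<int8_t>* outKeyPair) override;
    ndk::ScopedAStatus setReaderEphemeralPublicKey(const vector<int8_t>& publicKey) override;
    ndk::ScopedAStatus createAuthChallenge(int64_t* outChallenge) override;
    ndk::ScopedAStatus setRequestedNamespaces(
            const vector<RequestNamespace>& requestNamespaces) override;
    ndk::ScopedAStatus setVerificationToken(const VerificationToken& verificationToken) override;
    ndk::ScopedAStatus startRetrieval(
            const vector<SecureAccessControlProfile>& accessControlProfiles,
            const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequest,
            const vector<int8_t>& signingKeyBlob, const vector<int8_t>& sessionTranscript,
            const vector<int8_t>& readerSignature, const vector<int32_t>& requestCounts) override;
    ndk::ScopedAStatus startRetrieveEntryValue(
            const string& nameSpace, const string& name, int32_t entrySize,
            const vector<int32_t>& accessControlProfileIds) override;
    ndk::ScopedAStatus retrieveEntryValue(const vector<int8_t>& encryptedContent,
                                          vector<int8_t>* outContent) override;
    ndk::ScopedAStatus finishRetrieval(vector<int8_t>* outMac,
                                       vector<int8_t>* outDeviceNameSpaces) override;
    ndk::ScopedAStatus generateSigningKeyPair(vector<int8_t>* outSigningKeyBlob,
                                              Certificate* outSigningKeyCertificate) override;

  private:
    // Set by constructor
    vector<uint8_t> credentialData_;
    int numStartRetrievalCalls_ = 0;

    // Set by initialize()
    string docType_;
    // Was left uninitialized by the constructor; defaults to false so a read
    // before initialize() is deterministic.
    bool testCredential_ = false;
    // NOTE(review): these two presumably hold decrypted key material for the
    // lifetime of the object; confirm they are not logged or copied out and
    // consider clearing them when the credential is destroyed.
    vector<uint8_t> storageKey_;
    vector<uint8_t> credentialPrivKey_;

    // Set by createEphemeralKeyPair()
    vector<uint8_t> ephemeralPublicKey_;

    // Set by setReaderEphemeralPublicKey()
    vector<uint8_t> readerPublicKey_;

    // Set by createAuthChallenge()
    // Stored unsigned although createAuthChallenge() reports it through an
    // int64_t*; comparisons against tokens must use one consistent signedness.
    uint64_t authChallenge_ = 0;

    // Set by setRequestedNamespaces()
    vector<RequestNamespace> requestNamespaces_;

    // Set by setVerificationToken().
    VerificationToken verificationToken_;

    // Set at startRetrieval() time.
    map<int32_t, int> profileIdToAccessCheckResult_;
    vector<uint8_t> signingKeyBlob_;
    vector<uint8_t> sessionTranscript_;
    vector<uint8_t> itemsRequest_;
    vector<int32_t> requestCountsRemaining_;
    map<string, set<string>> requestedNameSpacesAndNames_;
    cppbor::Map deviceNameSpacesMap_;
    cppbor::Map currentNameSpaceDeviceNameSpacesMap_;

    // Calculated at startRetrieval() time.
    size_t expectedDeviceNameSpacesSize_ = 0;

    // Set at startRetrieveEntryValue() time.
    string currentNameSpace_;
    string currentName_;
    // Was left uninitialized by the constructor; zero means "no entry bytes
    // outstanding" until startRetrieveEntryValue() sets the real size.
    size_t entryRemainingBytes_ = 0;
    vector<uint8_t> entryValue_;
    vector<uint8_t> entryAdditionalData_;

    size_t calcDeviceNameSpacesSize();
};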
124 
125 }  // namespace aidl::android::hardware::identity
126 
127 #endif  // ANDROID_HARDWARE_IDENTITY_IDENTITYCREDENTIAL_H
128