mirror of
https://github.com/Evolution-X/hardware_interfaces
synced 2026-02-01 11:36:00 +00:00
be32113307
Revert "Add dependency on keymint cpp lib" Revert "Allow default identity service to call keymint" Revert submission 1956689-add rkp to identity-default Reason for revert: Broke git-master. Will resubmit later. Reverted Changes: I96dcf3027:Add remote key provisioning to the IC HAL Id686ac33a:Add dependency on keymint cpp lib Ib368a2a00:Log to logd in the default identity service I7d2906de0:Refactor IC support for RKP Iae0f14f1c:Fix formatting of identity credential aidl I01d086a4b:Allow default identity service to call keymint Change-Id: I76a898c04090c5befe5fb5a5d07ec2e397fdd8b3
98 lines
4.1 KiB
C++
98 lines
4.1 KiB
C++
/*
|
|
* Copyright 2019, The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#define LOG_TAG "IdentityCredentialStore"
|
|
|
|
#include <android-base/logging.h>
|
|
|
|
#include "IdentityCredential.h"
|
|
#include "IdentityCredentialStore.h"
|
|
#include "PresentationSession.h"
|
|
#include "WritableIdentityCredential.h"
|
|
|
|
namespace aidl::android::hardware::identity {
|
|
|
|
ndk::ScopedAStatus IdentityCredentialStore::getHardwareInformation(
|
|
HardwareInformation* hardwareInformation) {
|
|
HardwareInformation hw;
|
|
hw.credentialStoreName = "Identity Credential Reference Implementation";
|
|
hw.credentialStoreAuthorName = "Google";
|
|
hw.dataChunkSize = kGcmChunkSize;
|
|
hw.isDirectAccess = false;
|
|
hw.supportedDocTypes = {};
|
|
*hardwareInformation = hw;
|
|
return ndk::ScopedAStatus::ok();
|
|
}
|
|
|
|
ndk::ScopedAStatus IdentityCredentialStore::createCredential(
|
|
const string& docType, bool testCredential,
|
|
shared_ptr<IWritableIdentityCredential>* outWritableCredential) {
|
|
sp<SecureHardwareProvisioningProxy> hwProxy = hwProxyFactory_->createProvisioningProxy();
|
|
shared_ptr<WritableIdentityCredential> wc =
|
|
ndk::SharedRefBase::make<WritableIdentityCredential>(hwProxy, docType, testCredential);
|
|
if (!wc->initialize()) {
|
|
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
|
|
IIdentityCredentialStore::STATUS_FAILED,
|
|
"Error initializing WritableIdentityCredential"));
|
|
}
|
|
*outWritableCredential = wc;
|
|
return ndk::ScopedAStatus::ok();
|
|
}
|
|
|
|
ndk::ScopedAStatus IdentityCredentialStore::getCredential(
|
|
CipherSuite cipherSuite, const vector<uint8_t>& credentialData,
|
|
shared_ptr<IIdentityCredential>* outCredential) {
|
|
// We only support CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256 right now.
|
|
if (cipherSuite != CipherSuite::CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256) {
|
|
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
|
|
IIdentityCredentialStore::STATUS_CIPHER_SUITE_NOT_SUPPORTED,
|
|
"Unsupported cipher suite"));
|
|
}
|
|
|
|
shared_ptr<IdentityCredential> credential = ndk::SharedRefBase::make<IdentityCredential>(
|
|
hwProxyFactory_, credentialData, nullptr /* session */);
|
|
auto ret = credential->initialize();
|
|
if (ret != IIdentityCredentialStore::STATUS_OK) {
|
|
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
|
|
int(ret), "Error initializing IdentityCredential"));
|
|
}
|
|
*outCredential = credential;
|
|
return ndk::ScopedAStatus::ok();
|
|
}
|
|
|
|
ndk::ScopedAStatus IdentityCredentialStore::createPresentationSession(
|
|
CipherSuite cipherSuite, shared_ptr<IPresentationSession>* outSession) {
|
|
// We only support CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256 right now.
|
|
if (cipherSuite != CipherSuite::CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256) {
|
|
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
|
|
IIdentityCredentialStore::STATUS_CIPHER_SUITE_NOT_SUPPORTED,
|
|
"Unsupported cipher suite"));
|
|
}
|
|
|
|
sp<SecureHardwareSessionProxy> hwProxy = hwProxyFactory_->createSessionProxy();
|
|
shared_ptr<PresentationSession> session =
|
|
ndk::SharedRefBase::make<PresentationSession>(hwProxyFactory_, hwProxy);
|
|
auto ret = session->initialize();
|
|
if (ret != IIdentityCredentialStore::STATUS_OK) {
|
|
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
|
|
int(ret), "Error initializing PresentationSession"));
|
|
}
|
|
*outSession = session;
|
|
return ndk::ScopedAStatus::ok();
|
|
}
|
|
|
|
} // namespace aidl::android::hardware::identity
|