1 /*
2  * Copyright 2019, The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #define LOG_TAG "IdentityCredentialStore"
18 
19 #include <android-base/logging.h>
20 
21 #include "IdentityCredential.h"
22 #include "IdentityCredentialStore.h"
23 #include "WritableIdentityCredential.h"
24 
25 namespace aidl::android::hardware::identity {
26 
27 using ::aidl::android::hardware::security::keymint::
28     IRemotelyProvisionedComponent;
29 
getHardwareInformation(HardwareInformation * hardwareInformation)30 ndk::ScopedAStatus IdentityCredentialStore::getHardwareInformation(
31     HardwareInformation* hardwareInformation) {
32   HardwareInformation hw;
33   hw.credentialStoreName =
34       "Identity Credential Cuttlefish Remote Implementation";
35   hw.credentialStoreAuthorName = "Google";
36   hw.dataChunkSize = kGcmChunkSize;
37   hw.isDirectAccess = false;
38   hw.supportedDocTypes = {};
39   *hardwareInformation = hw;
40   return ndk::ScopedAStatus::ok();
41 }
42 
createCredential(const string & docType,bool testCredential,shared_ptr<IWritableIdentityCredential> * outWritableCredential)43 ndk::ScopedAStatus IdentityCredentialStore::createCredential(
44     const string& docType, bool testCredential,
45     shared_ptr<IWritableIdentityCredential>* outWritableCredential) {
46   sp<SecureHardwareProvisioningProxy> hwProxy =
47       hwProxyFactory_->createProvisioningProxy();
48   shared_ptr<WritableIdentityCredential> wc =
49       ndk::SharedRefBase::make<WritableIdentityCredential>(hwProxy, docType,
50                                                            testCredential);
51   if (!wc->initialize()) {
52     return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
53         IIdentityCredentialStore::STATUS_FAILED,
54         "Error initializing WritableIdentityCredential"));
55   }
56   *outWritableCredential = wc;
57   return ndk::ScopedAStatus::ok();
58 }
59 
getCredential(CipherSuite cipherSuite,const vector<uint8_t> & credentialData,shared_ptr<IIdentityCredential> * outCredential)60 ndk::ScopedAStatus IdentityCredentialStore::getCredential(
61     CipherSuite cipherSuite, const vector<uint8_t>& credentialData,
62     shared_ptr<IIdentityCredential>* outCredential) {
63   // We only support CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256 right
64   // now.
65   if (cipherSuite !=
66       CipherSuite::CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256) {
67     return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
68         IIdentityCredentialStore::STATUS_CIPHER_SUITE_NOT_SUPPORTED,
69         "Unsupported cipher suite"));
70   }
71 
72   sp<SecureHardwarePresentationProxy> hwProxy =
73       hwProxyFactory_->createPresentationProxy();
74   shared_ptr<IdentityCredential> credential =
75       ndk::SharedRefBase::make<IdentityCredential>(hwProxyFactory_, hwProxy,
76                                                    credentialData);
77   auto ret = credential->initialize();
78   if (ret != IIdentityCredentialStore::STATUS_OK) {
79     return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
80         int(ret), "Error initializing IdentityCredential"));
81   }
82   *outCredential = credential;
83   return ndk::ScopedAStatus::ok();
84 }
85 
86 }  // namespace aidl::android::hardware::identity
87