1*4d7e907cSAndroid Build Coastguard Worker /*
2*4d7e907cSAndroid Build Coastguard Worker * Copyright 2021, The Android Open Source Project
3*4d7e907cSAndroid Build Coastguard Worker *
4*4d7e907cSAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License");
5*4d7e907cSAndroid Build Coastguard Worker * you may not use this file except in compliance with the License.
6*4d7e907cSAndroid Build Coastguard Worker * You may obtain a copy of the License at
7*4d7e907cSAndroid Build Coastguard Worker *
8*4d7e907cSAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0
9*4d7e907cSAndroid Build Coastguard Worker *
10*4d7e907cSAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software
11*4d7e907cSAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS,
12*4d7e907cSAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*4d7e907cSAndroid Build Coastguard Worker * See the License for the specific language governing permissions and
14*4d7e907cSAndroid Build Coastguard Worker * limitations under the License.
15*4d7e907cSAndroid Build Coastguard Worker */
16*4d7e907cSAndroid Build Coastguard Worker
17*4d7e907cSAndroid Build Coastguard Worker #define LOG_TAG "PresentationSession"
18*4d7e907cSAndroid Build Coastguard Worker
19*4d7e907cSAndroid Build Coastguard Worker #include "PresentationSession.h"
20*4d7e907cSAndroid Build Coastguard Worker #include "IdentityCredentialStore.h"
21*4d7e907cSAndroid Build Coastguard Worker
22*4d7e907cSAndroid Build Coastguard Worker #include <android/hardware/identity/support/IdentityCredentialSupport.h>
23*4d7e907cSAndroid Build Coastguard Worker
24*4d7e907cSAndroid Build Coastguard Worker #include <string.h>
25*4d7e907cSAndroid Build Coastguard Worker
26*4d7e907cSAndroid Build Coastguard Worker #include <android-base/logging.h>
27*4d7e907cSAndroid Build Coastguard Worker #include <android-base/stringprintf.h>
28*4d7e907cSAndroid Build Coastguard Worker
29*4d7e907cSAndroid Build Coastguard Worker #include <cppbor.h>
30*4d7e907cSAndroid Build Coastguard Worker #include <cppbor_parse.h>
31*4d7e907cSAndroid Build Coastguard Worker
32*4d7e907cSAndroid Build Coastguard Worker #include "FakeSecureHardwareProxy.h"
33*4d7e907cSAndroid Build Coastguard Worker #include "IdentityCredential.h"
34*4d7e907cSAndroid Build Coastguard Worker #include "PresentationSession.h"
35*4d7e907cSAndroid Build Coastguard Worker
36*4d7e907cSAndroid Build Coastguard Worker namespace aidl::android::hardware::identity {
37*4d7e907cSAndroid Build Coastguard Worker
38*4d7e907cSAndroid Build Coastguard Worker using ::std::optional;
39*4d7e907cSAndroid Build Coastguard Worker
40*4d7e907cSAndroid Build Coastguard Worker using namespace ::android::hardware::identity;
41*4d7e907cSAndroid Build Coastguard Worker
~PresentationSession()42*4d7e907cSAndroid Build Coastguard Worker PresentationSession::~PresentationSession() {}
43*4d7e907cSAndroid Build Coastguard Worker
initialize()44*4d7e907cSAndroid Build Coastguard Worker int PresentationSession::initialize() {
45*4d7e907cSAndroid Build Coastguard Worker if (!hwProxy_->initialize()) {
46*4d7e907cSAndroid Build Coastguard Worker LOG(ERROR) << "hwProxy->initialize failed";
47*4d7e907cSAndroid Build Coastguard Worker return IIdentityCredentialStore::STATUS_FAILED;
48*4d7e907cSAndroid Build Coastguard Worker }
49*4d7e907cSAndroid Build Coastguard Worker
50*4d7e907cSAndroid Build Coastguard Worker optional<uint64_t> id = hwProxy_->getId();
51*4d7e907cSAndroid Build Coastguard Worker if (!id) {
52*4d7e907cSAndroid Build Coastguard Worker LOG(ERROR) << "Error getting id for session";
53*4d7e907cSAndroid Build Coastguard Worker return IIdentityCredentialStore::STATUS_FAILED;
54*4d7e907cSAndroid Build Coastguard Worker }
55*4d7e907cSAndroid Build Coastguard Worker id_ = id.value();
56*4d7e907cSAndroid Build Coastguard Worker
57*4d7e907cSAndroid Build Coastguard Worker optional<uint64_t> authChallenge = hwProxy_->getAuthChallenge();
58*4d7e907cSAndroid Build Coastguard Worker if (!authChallenge) {
59*4d7e907cSAndroid Build Coastguard Worker LOG(ERROR) << "Error getting authChallenge for session";
60*4d7e907cSAndroid Build Coastguard Worker return IIdentityCredentialStore::STATUS_FAILED;
61*4d7e907cSAndroid Build Coastguard Worker }
62*4d7e907cSAndroid Build Coastguard Worker authChallenge_ = authChallenge.value();
63*4d7e907cSAndroid Build Coastguard Worker
64*4d7e907cSAndroid Build Coastguard Worker return IIdentityCredentialStore::STATUS_OK;
65*4d7e907cSAndroid Build Coastguard Worker }
66*4d7e907cSAndroid Build Coastguard Worker
getEphemeralKeyPair(vector<uint8_t> * outKeyPair)67*4d7e907cSAndroid Build Coastguard Worker ndk::ScopedAStatus PresentationSession::getEphemeralKeyPair(vector<uint8_t>* outKeyPair) {
68*4d7e907cSAndroid Build Coastguard Worker if (ephemeralKeyPair_.size() == 0) {
69*4d7e907cSAndroid Build Coastguard Worker optional<vector<uint8_t>> ephemeralKeyPriv = hwProxy_->getEphemeralKeyPair();
70*4d7e907cSAndroid Build Coastguard Worker if (!ephemeralKeyPriv) {
71*4d7e907cSAndroid Build Coastguard Worker LOG(ERROR) << "Error getting ephemeral private key for session";
72*4d7e907cSAndroid Build Coastguard Worker return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
73*4d7e907cSAndroid Build Coastguard Worker IIdentityCredentialStore::STATUS_FAILED,
74*4d7e907cSAndroid Build Coastguard Worker "Error getting ephemeral private key for session"));
75*4d7e907cSAndroid Build Coastguard Worker }
76*4d7e907cSAndroid Build Coastguard Worker optional<vector<uint8_t>> ephemeralKeyPair =
77*4d7e907cSAndroid Build Coastguard Worker support::ecPrivateKeyToKeyPair(ephemeralKeyPriv.value());
78*4d7e907cSAndroid Build Coastguard Worker if (!ephemeralKeyPair) {
79*4d7e907cSAndroid Build Coastguard Worker LOG(ERROR) << "Error creating ephemeral key-pair";
80*4d7e907cSAndroid Build Coastguard Worker return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
81*4d7e907cSAndroid Build Coastguard Worker IIdentityCredentialStore::STATUS_FAILED, "Error creating ephemeral key-pair"));
82*4d7e907cSAndroid Build Coastguard Worker }
83*4d7e907cSAndroid Build Coastguard Worker ephemeralKeyPair_ = ephemeralKeyPair.value();
84*4d7e907cSAndroid Build Coastguard Worker }
85*4d7e907cSAndroid Build Coastguard Worker *outKeyPair = ephemeralKeyPair_;
86*4d7e907cSAndroid Build Coastguard Worker return ndk::ScopedAStatus::ok();
87*4d7e907cSAndroid Build Coastguard Worker }
88*4d7e907cSAndroid Build Coastguard Worker
getAuthChallenge(int64_t * outChallenge)89*4d7e907cSAndroid Build Coastguard Worker ndk::ScopedAStatus PresentationSession::getAuthChallenge(int64_t* outChallenge) {
90*4d7e907cSAndroid Build Coastguard Worker *outChallenge = authChallenge_;
91*4d7e907cSAndroid Build Coastguard Worker return ndk::ScopedAStatus::ok();
92*4d7e907cSAndroid Build Coastguard Worker }
93*4d7e907cSAndroid Build Coastguard Worker
setReaderEphemeralPublicKey(const vector<uint8_t> & publicKey)94*4d7e907cSAndroid Build Coastguard Worker ndk::ScopedAStatus PresentationSession::setReaderEphemeralPublicKey(
95*4d7e907cSAndroid Build Coastguard Worker const vector<uint8_t>& publicKey) {
96*4d7e907cSAndroid Build Coastguard Worker // We expect the reader ephemeral public key to be same size and curve
97*4d7e907cSAndroid Build Coastguard Worker // as the ephemeral key we generated (e.g. P-256 key), otherwise ECDH
98*4d7e907cSAndroid Build Coastguard Worker // won't work. So its length should be 65 bytes and it should be
99*4d7e907cSAndroid Build Coastguard Worker // starting with 0x04.
100*4d7e907cSAndroid Build Coastguard Worker if (publicKey.size() != 65 || publicKey[0] != 0x04) {
101*4d7e907cSAndroid Build Coastguard Worker return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
102*4d7e907cSAndroid Build Coastguard Worker IIdentityCredentialStore::STATUS_FAILED,
103*4d7e907cSAndroid Build Coastguard Worker "Reader public key is not in expected format"));
104*4d7e907cSAndroid Build Coastguard Worker }
105*4d7e907cSAndroid Build Coastguard Worker readerPublicKey_ = publicKey;
106*4d7e907cSAndroid Build Coastguard Worker vector<uint8_t> pubKeyP256(publicKey.begin() + 1, publicKey.end());
107*4d7e907cSAndroid Build Coastguard Worker if (!hwProxy_->setReaderEphemeralPublicKey(pubKeyP256)) {
108*4d7e907cSAndroid Build Coastguard Worker return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
109*4d7e907cSAndroid Build Coastguard Worker IIdentityCredentialStore::STATUS_FAILED,
110*4d7e907cSAndroid Build Coastguard Worker "Error setting readerEphemeralPublicKey for session"));
111*4d7e907cSAndroid Build Coastguard Worker }
112*4d7e907cSAndroid Build Coastguard Worker return ndk::ScopedAStatus::ok();
113*4d7e907cSAndroid Build Coastguard Worker }
114*4d7e907cSAndroid Build Coastguard Worker
setSessionTranscript(const vector<uint8_t> & sessionTranscript)115*4d7e907cSAndroid Build Coastguard Worker ndk::ScopedAStatus PresentationSession::setSessionTranscript(
116*4d7e907cSAndroid Build Coastguard Worker const vector<uint8_t>& sessionTranscript) {
117*4d7e907cSAndroid Build Coastguard Worker sessionTranscript_ = sessionTranscript;
118*4d7e907cSAndroid Build Coastguard Worker if (!hwProxy_->setSessionTranscript(sessionTranscript)) {
119*4d7e907cSAndroid Build Coastguard Worker return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
120*4d7e907cSAndroid Build Coastguard Worker IIdentityCredentialStore::STATUS_FAILED,
121*4d7e907cSAndroid Build Coastguard Worker "Error setting SessionTranscript for session"));
122*4d7e907cSAndroid Build Coastguard Worker }
123*4d7e907cSAndroid Build Coastguard Worker return ndk::ScopedAStatus::ok();
124*4d7e907cSAndroid Build Coastguard Worker }
125*4d7e907cSAndroid Build Coastguard Worker
getCredential(const vector<uint8_t> & credentialData,shared_ptr<IIdentityCredential> * outCredential)126*4d7e907cSAndroid Build Coastguard Worker ndk::ScopedAStatus PresentationSession::getCredential(
127*4d7e907cSAndroid Build Coastguard Worker const vector<uint8_t>& credentialData, shared_ptr<IIdentityCredential>* outCredential) {
128*4d7e907cSAndroid Build Coastguard Worker shared_ptr<PresentationSession> p = ref<PresentationSession>();
129*4d7e907cSAndroid Build Coastguard Worker shared_ptr<IdentityCredential> credential = ndk::SharedRefBase::make<IdentityCredential>(
130*4d7e907cSAndroid Build Coastguard Worker hwProxyFactory_, credentialData, p, hardwareInformation_);
131*4d7e907cSAndroid Build Coastguard Worker int ret = credential->initialize();
132*4d7e907cSAndroid Build Coastguard Worker if (ret != IIdentityCredentialStore::STATUS_OK) {
133*4d7e907cSAndroid Build Coastguard Worker return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
134*4d7e907cSAndroid Build Coastguard Worker ret, "Error initializing IdentityCredential"));
135*4d7e907cSAndroid Build Coastguard Worker }
136*4d7e907cSAndroid Build Coastguard Worker *outCredential = std::move(credential);
137*4d7e907cSAndroid Build Coastguard Worker
138*4d7e907cSAndroid Build Coastguard Worker return ndk::ScopedAStatus::ok();
139*4d7e907cSAndroid Build Coastguard Worker }
140*4d7e907cSAndroid Build Coastguard Worker
getSessionId()141*4d7e907cSAndroid Build Coastguard Worker uint64_t PresentationSession::getSessionId() {
142*4d7e907cSAndroid Build Coastguard Worker return id_;
143*4d7e907cSAndroid Build Coastguard Worker }
144*4d7e907cSAndroid Build Coastguard Worker
getSessionTranscript()145*4d7e907cSAndroid Build Coastguard Worker vector<uint8_t> PresentationSession::getSessionTranscript() {
146*4d7e907cSAndroid Build Coastguard Worker return sessionTranscript_;
147*4d7e907cSAndroid Build Coastguard Worker }
148*4d7e907cSAndroid Build Coastguard Worker
getReaderEphemeralPublicKey()149*4d7e907cSAndroid Build Coastguard Worker vector<uint8_t> PresentationSession::getReaderEphemeralPublicKey() {
150*4d7e907cSAndroid Build Coastguard Worker return readerPublicKey_;
151*4d7e907cSAndroid Build Coastguard Worker }
152*4d7e907cSAndroid Build Coastguard Worker
153*4d7e907cSAndroid Build Coastguard Worker } // namespace aidl::android::hardware::identity
154