1 /* 2 * Copyright 2019, The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef ANDROID_HARDWARE_IDENTITY_WRITABLEIDENTITYCREDENTIAL_H 18 #define ANDROID_HARDWARE_IDENTITY_WRITABLEIDENTITYCREDENTIAL_H 19 20 #include <aidl/android/hardware/identity/BnWritableIdentityCredential.h> 21 #include <android/hardware/identity/support/IdentityCredentialSupport.h> 22 23 #include <cppbor.h> 24 #include <set> 25 26 namespace aidl::android::hardware::identity { 27 28 using ::std::set; 29 using ::std::string; 30 using ::std::vector; 31 32 class WritableIdentityCredential : public BnWritableIdentityCredential { 33 public: WritableIdentityCredential(const string & docType,bool testCredential)34 WritableIdentityCredential(const string& docType, bool testCredential) 35 : docType_(docType), testCredential_(testCredential) {} 36 37 // Creates the Credential Key. Returns false on failure. Must be called 38 // right after construction. 39 bool initialize(); 40 41 // Methods from IWritableIdentityCredential follow. 42 ndk::ScopedAStatus getAttestationCertificate(const vector<uint8_t>& attestationApplicationId, 43 const vector<uint8_t>& attestationChallenge, 44 vector<Certificate>* outCertificateChain) override; 45 46 ndk::ScopedAStatus setExpectedProofOfProvisioningSize( 47 int32_t expectedProofOfProvisioningSize) override; 48 49 ndk::ScopedAStatus startPersonalization(int32_t accessControlProfileCount, 50 const vector<int32_t>& entryCounts) override; 51 52 ndk::ScopedAStatus addAccessControlProfile( 53 int32_t id, const Certificate& readerCertificate, bool userAuthenticationRequired, 54 int64_t timeoutMillis, int64_t secureUserId, 55 SecureAccessControlProfile* outSecureAccessControlProfile) override; 56 57 ndk::ScopedAStatus beginAddEntry(const vector<int32_t>& accessControlProfileIds, 58 const string& nameSpace, const string& name, 59 int32_t entrySize) override; 60 61 ndk::ScopedAStatus addEntryValue(const vector<uint8_t>& content, 62 vector<uint8_t>* outEncryptedContent) override; 63 64 ndk::ScopedAStatus finishAddingEntries( 65 vector<uint8_t>* outCredentialData, 66 vector<uint8_t>* outProofOfProvisioningSignature) override; 67 68 private: 69 string docType_; 70 bool testCredential_; 71 72 // This is set in initialize(). 73 vector<uint8_t> storageKey_; 74 bool startPersonalizationCalled_; 75 bool firstEntry_; 76 77 // These are set in getAttestationCertificate(). 78 vector<uint8_t> credentialPrivKey_; 79 vector<uint8_t> credentialPubKey_; 80 vector<vector<uint8_t>> certificateChain_; 81 82 // These fields are initialized during startPersonalization() 83 size_t numAccessControlProfileRemaining_; 84 vector<int32_t> remainingEntryCounts_; 85 cppbor::Array signedDataAccessControlProfiles_; 86 cppbor::Map signedDataNamespaces_; 87 cppbor::Array signedDataCurrentNamespace_; 88 size_t expectedProofOfProvisioningSize_; 89 90 // This field is initialized in addAccessControlProfile 91 set<int32_t> accessControlProfileIds_; 92 93 // These fields are initialized during beginAddEntry() 94 size_t entryRemainingBytes_; 95 vector<uint8_t> entryAdditionalData_; 96 string entryNameSpace_; 97 string entryName_; 98 vector<int32_t> entryAccessControlProfileIds_; 99 vector<uint8_t> entryBytes_; 100 set<string> allNameSpaces_; 101 }; 102 103 } // namespace aidl::android::hardware::identity 104 105 #endif // ANDROID_HARDWARE_IDENTITY_WRITABLEIDENTITYCREDENTIAL_H 106