Add remote key provisioning to the IC HAL

The IIdentityCredentialStore can now advertise the correct IRemotelyProvisionedComponent that is used for getting remotely provisioned attestation keys. IWritableIdentityCredential has a new method so it can accept remotely provisioned keys. Update the VTS tests to check the new RKP functionality. Support RKP in the default identity cred service Test: VtsHalIdentityTargetTest Bug: 194696876 Change-Id: I96dcf3027e0f21790c35900ddf8cc0953bd3b1ca
author: Seth Moore <sethmo@google.com> 2022-01-05 09:34:42 -0800
committer: Seth Moore <sethmo@google.com> 2022-01-24 16:19:21 -0800
commit: b5b69f0e009388fccb000a9a8aac5a38dbbd2726 (patch)
tree: 8d71317158f8c634b17ea271cf7ac8070ca7688e /identity/aidl/default/FakeSecureHardwareProxy.cpp
parent: 3200496e757423986114f788158969adbb08b10c (diff)
1 files changed, 22 insertions, 1 deletions
diff --git a/identity/aidl/default/FakeSecureHardwareProxy.cpp b/identity/aidl/default/FakeSecureHardwareProxy.cpp
index 91e634c0c3..9b9a749427 100644
--- a/identity/aidl/default/FakeSecureHardwareProxy.cpp
+++ b/identity/aidl/default/FakeSecureHardwareProxy.cpp
@@ -155,7 +155,11 @@ optional<vector<uint8_t>> FakeSecureHardwareProvisioningProxy::createCredentialK
     size_t publicKeyCertSize = sizeof publicKeyCert;
     if (!eicProvisioningCreateCredentialKey(&ctx_, challenge.data(), challenge.size(),
                                             applicationId.data(), applicationId.size(),
-                                            publicKeyCert, &publicKeyCertSize)) {
+                                            /*attestationKeyBlob=*/nullptr,
+                                            /*attestationKeyBlobSize=*/0,
+                                            /*attestationKeyCert=*/nullptr,
+                                            /*attestationKeyCertSize=*/0, publicKeyCert,
+                                            &publicKeyCertSize)) {
         return std::nullopt;
     }
     vector<uint8_t> pubKeyCert(publicKeyCertSize);
@@ -163,6 +167,23 @@ optional<vector<uint8_t>> FakeSecureHardwareProvisioningProxy::createCredentialK
     return pubKeyCert;
 }
 
+optional<vector<uint8_t>> FakeSecureHardwareProvisioningProxy::createCredentialKeyUsingRkp(
+        const vector<uint8_t>& challenge, const vector<uint8_t>& applicationId,
+        const vector<uint8_t>& attestationKeyBlob, const vector<uint8_t>& attstationKeyCert) {
+    size_t publicKeyCertSize = 4096;
+    vector<uint8_t> publicKeyCert(publicKeyCertSize);
+    if (!eicProvisioningCreateCredentialKey(&ctx_, challenge.data(), challenge.size(),
+                                            applicationId.data(), applicationId.size(),
+                                            attestationKeyBlob.data(), attestationKeyBlob.size(),
+                                            attstationKeyCert.data(), attstationKeyCert.size(),
+                                            publicKeyCert.data(), &publicKeyCertSize)) {
+        LOG(ERROR) << "error creating credential key";
+        return std::nullopt;
+    }
+    publicKeyCert.resize(publicKeyCertSize);
+    return publicKeyCert;
+}
+
 bool FakeSecureHardwareProvisioningProxy::startPersonalization(
         int accessControlProfileCount, const vector<int>& entryCounts, const string& docType,
         size_t expectedProofOfProvisioningSize) {
author	Seth Moore <sethmo@google.com>	2022-01-05 09:34:42 -0800
committer	Seth Moore <sethmo@google.com>	2022-01-24 16:19:21 -0800
commit	b5b69f0e009388fccb000a9a8aac5a38dbbd2726 (patch)
tree	8d71317158f8c634b17ea271cf7ac8070ca7688e /identity/aidl/default/FakeSecureHardwareProxy.cpp
parent	3200496e757423986114f788158969adbb08b10c (diff)