Factor keystore_attestation_id into library and also use this in credstore.

This was needed because credstore needs to generate and pass the
generated AttestationApplicationId to the Identity Credential HAL.

Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityCredentialTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: Id22b85ca083e23c7e1fbd3459910fba37a5db137

8 files changed, 50 insertions, 20 deletions

diff --git a/identity/Android.bp b/identity/Android.bp
index 240e107e..ad9bd72d 100644
--- a/identity/Android.bp
+++ b/identity/Android.bp
@@ -37,6 +37,7 @@ cc_binary {
         "libhidlbase",
         "android.hardware.identity-support-lib",
         "libkeymaster4support",
+        "libkeystore-attestation-application-id",
     ],
     static_libs: [
         "libcppbor",
diff --git a/identity/WritableCredential.cpp b/identity/WritableCredential.cpp
index f58ec166..86c604d2 100644
--- a/identity/WritableCredential.cpp
+++ b/identity/WritableCredential.cpp
@@ -17,15 +17,12 @@
 #define LOG_TAG "WritableCredential"
 
 #include <android-base/logging.h>
-
 #include <android/hardware/identity/support/IdentityCredentialSupport.h>
-
 #include <android/security/identity/ICredentialStore.h>
-
 #include <binder/IPCThreadState.h>
-
 #include <cppbor.h>
 #include <cppbor_parse.h>
+#include <keystore/keystore_attestation_id.h>
 
 #include "CredentialData.h"
 #include "Util.h"
@@ -60,11 +57,23 @@ Status WritableCredential::ensureAttestationCertificateExists(const vector<uint8
         return Status::ok();
     }
 
+    const int32_t callingUid = IPCThreadState::self()->getCallingUid();
+    auto asn1AttestationId = android::security::gather_attestation_application_id(callingUid);
+    if (!asn1AttestationId.isOk()) {
+        LOG(ERROR) << "Failed gathering AttestionApplicationId";
+        return Status::fromServiceSpecificError(ICredentialStore::ERROR_GENERIC,
+                                                "Failed gathering AttestionApplicationId");
+    }
+
     Result result;
     halBinder_->getAttestationCertificate(
-        challenge, [&](const Result& _result, const hidl_vec<uint8_t>& _attestationCertificate) {
+        asn1AttestationId.value(), challenge,
+        [&](const Result& _result, const hidl_vec<hidl_vec<uint8_t>>& _splitCerts) {
             result = _result;
-            attestationCertificate = _attestationCertificate;
+            vector<vector<uint8_t>> splitCerts;
+            std::copy(_splitCerts.begin(), _splitCerts.end(), std::back_inserter(splitCerts));
+            attestationCertificate =
+                ::android::hardware::identity::support::certificateChainJoin(splitCerts);
         });
     if (result.code != ResultCode::OK) {
         LOG(ERROR) << "Error calling getAttestationCertificate()";
diff --git a/keystore/Android.bp b/keystore/Android.bp
index f3a7531a..c0aeedaa 100644
--- a/keystore/Android.bp
+++ b/keystore/Android.bp
@@ -29,7 +29,6 @@ cc_binary {
     defaults: ["keystore_defaults"],
 
     srcs: [
-        ":IKeyAttestationApplicationIdProvider.aidl",
         "KeyStore.cpp",
         "auth_token_table.cpp",
         "blob.cpp",
@@ -41,7 +40,6 @@ cc_binary {
         "keyblob_utils.cpp",
         "keymaster_enforcement.cpp",
         "keymaster_worker.cpp",
-        "keystore_attestation_id.cpp",
         "keystore_main.cpp",
         "keystore_utils.cpp",
         "legacy_keymaster_device_wrapper.cpp",
@@ -64,6 +62,7 @@ cc_binary {
         "libkeymaster4support",
         "libkeymaster_messages",
         "libkeymaster_portable",
+        "libkeystore-attestation-application-id",
         "libkeystore_aidl",
         "libkeystore_binder",
         "libkeystore_parcelables",
@@ -144,13 +143,10 @@ cc_library_shared {
     defaults: ["keystore_defaults"],
     export_include_dirs: ["include"],
     srcs: [
-        "KeyAttestationApplicationId.cpp",
-        "KeyAttestationPackageInfo.cpp",
         "KeymasterArguments.cpp",
         "keystore_aidl_hidl_marshalling_utils.cpp",
         "KeystoreResponse.cpp",
         "OperationResult.cpp",
-        "Signature.cpp",
     ],
     shared_libs: [
         "android.hardware.keymaster@4.0",
@@ -161,6 +157,7 @@ cc_library_shared {
         "liblog",
         "libprotobuf-cpp-lite",
         "libutils",
+        "libkeystore-attestation-application-id",
     ],
     export_shared_lib_headers: [
         "android.hardware.keymaster@4.0",
@@ -210,6 +207,31 @@ cc_library_shared {
     ],
 }
 
+// Library used by both keystore and credstore for generating the ASN.1 stored
+// in Tag::ATTESTATION_APPLICATION_ID
+cc_library_shared {
+    name: "libkeystore-attestation-application-id",
+    defaults: ["keystore_defaults"],
+
+    srcs: [
+        ":IKeyAttestationApplicationIdProvider.aidl",
+        "keystore_attestation_id.cpp",
+        "KeyAttestationApplicationId.cpp",
+        "KeyAttestationPackageInfo.cpp",
+        "Signature.cpp",
+    ],
+    shared_libs: [
+        "libbase",
+        "libbinder",
+        "libhidlbase",
+        "liblog",
+        "libutils",
+        "libcrypto",
+    ],
+
+    export_include_dirs: ["include"],
+}
+
 // Library for keystore clients using the WiFi HIDL interface
 cc_library_shared {
     name: "libkeystore-wifi-hidl",
@@ -235,13 +257,8 @@ cc_library_static {
     defaults: ["keystore_defaults"],
 
     srcs: [
-        ":IKeyAttestationApplicationIdProvider.aidl",
         "auth_token_table.cpp",
         "blob.cpp",
-        "keystore_attestation_id.cpp",
-        "KeyAttestationApplicationId.cpp",
-        "KeyAttestationPackageInfo.cpp",
-        "Signature.cpp",
     ],
     cflags: [ "-O0", ],
     static_libs: ["libgtest_main"],
@@ -251,6 +268,7 @@ cc_library_static {
         "libcrypto",
         "libhidlbase",
         "libkeymaster4support",
+        "libkeystore-attestation-application-id",
         "libutils",
         "libkeystore_aidl",
         "libkeystore_parcelables",
diff --git a/keystore/keystore_attestation_id.h b/keystore/include/keystore/keystore_attestation_id.h
index 63015ee7..238f4b12 100644
--- a/keystore/keystore_attestation_id.h
+++ b/keystore/include/keystore/keystore_attestation_id.h
@@ -51,7 +51,7 @@ template <typename T> class StatusOr {
 
     ::android::status_t status() const { return _status; }
 
-    const T& value() const & { return _value; }
+    const T& value() const& { return _value; }
     T& value() & { return _value; }
     T&& value() && { return std::move(_value); }
 
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 5bc5a78d..01489d91 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -42,9 +42,9 @@
 
 #include "defaults.h"
 #include "key_proto_handler.h"
-#include "keystore_attestation_id.h"
 #include "keystore_keymaster_enforcement.h"
 #include "keystore_utils.h"
+#include <keystore/keystore_attestation_id.h>
 #include <keystore/keystore_hidl_support.h>
 #include <keystore/keystore_return_types.h>
 
diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
index b48639f3..3d9e87ec 100644
--- a/keystore/keystore_attestation_id.cpp
+++ b/keystore/keystore_attestation_id.cpp
@@ -13,7 +13,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-#include "keystore_attestation_id.h"
+
+#include <keystore/keystore_attestation_id.h>
 
 #define LOG_TAG "keystore_att_id"
 
diff --git a/keystore/tests/Android.bp b/keystore/tests/Android.bp
index bbcc1c2f..edeb8e53 100644
--- a/keystore/tests/Android.bp
+++ b/keystore/tests/Android.bp
@@ -31,6 +31,7 @@ cc_test {
     shared_libs: [
         "libbinder",
         "libkeymaster_messages",
+        "libkeystore-attestation-application-id",
         "libvndksupport",
     ],
    sanitize: {
diff --git a/keystore/tests/aaid_truncation_test.cpp b/keystore/tests/aaid_truncation_test.cpp
index e5d5e9f6..45c54df4 100644
--- a/keystore/tests/aaid_truncation_test.cpp
+++ b/keystore/tests/aaid_truncation_test.cpp
@@ -19,8 +19,8 @@
 #include <string>
 #include <utils/String16.h>
 
-#include "../keystore_attestation_id.h"
 #include <keymaster/logger.h>
+#include <keystore/keystore_attestation_id.h>
 
 #include <keystore/KeyAttestationApplicationId.h>
 #include <keystore/KeyAttestationPackageInfo.h>